Total: 30544 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-22304 | 1 Fortinet | 1 Fortiauthenticator Agent For Microsoft Outlook Web Access | 2024-10-22 | 6.1 Medium |
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiAuthenticator OWA Agent for Microsoft version 2.2 and 2.1 may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests. | ||||
CVE-2022-23438 | 1 Fortinet | 1 Fortios | 2024-10-22 | 4.7 Medium |
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in FortiOS version 7.0.5 and prior and 6.4.9 and prior may allow an unauthenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the captive portal authentication replacement page. | ||||
CVE-2023-41680 | 1 Fortinet | 1 Fortisandbox | 2024-10-22 | 7.3 High |
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.1 allows an attacker to execute unauthorized code or commands via crafted HTTP requests. | ||||
CVE-2022-29057 | 1 Fortinet | 1 Fortiedr | 2024-10-22 | 5.4 Medium |
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiEDR version 5.1.0, 5.0.0 through 5.0.3 Patch 6 and 4.0.0 allows a remote authenticated attacker to perform a reflected cross site scripting attack (XSS) by injecting a malicious payload into the Management Console via various endpoints. | ||||
CVE-2023-41843 | 1 Fortinet | 1 Fortisandbox | 2024-10-22 | 7.3 High |
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 allows an attacker to execute unauthorized code or commands via crafted HTTP requests. | ||||
CVE-2022-26114 | 1 Fortinet | 1 Fortimail | 2024-10-22 | 5.4 Medium |
An improper neutralization of input during web page generation vulnerability [CWE-79] in the Webmail of FortiMail before 7.2.0 may allow an unauthenticated attacker to trigger a cross-site scripting (XSS) attack via sending specially crafted mail messages. | ||||
CVE-2021-43080 | 1 Fortinet | 1 Fortios | 2024-10-22 | 4.6 Medium |
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.2.0, version 6.4.0 through 6.4.9, version 7.0.0 through 7.0.5 may allow an authenticated attacker to perform a stored cross site scripting (XSS) attack through the URI parameter via the Threat Feed IP address section of the Security Fabric External connectors. | ||||
CVE-2022-40680 | 1 Fortinet | 1 Fortios | 2024-10-22 | 3.8 Low |
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiOS 6.0.7 - 6.0.15, 6.2.2 - 6.2.12, 6.4.0 - 6.4.9 and 7.0.0 - 7.0.3 allows a privileged attacker to execute unauthorized code or commands via storing malicious payloads in replacement messages. | ||||
CVE-2022-38379 | 1 Fortinet | 1 Fortisoar | 2024-10-22 | 3.4 Low |
Improper neutralization of input during web page generation [CWE-79] in FortiSOAR 7.0.0 through 7.0.3 and 7.2.0 may allow an authenticated attacker to inject HTML tags via input fields of various components within FortiSOAR. | ||||
CVE-2022-38376 | 1 Fortinet | 1 Fortinac | 2024-10-22 | 5.8 Medium |
Multiple improper neutralization of input during web page generation ('Cross-site Scripting') vulnerabilities [CWE-79] in Fortinet FortiNAC portal UI before 9.4.1 allow an attacker to perform an XSS attack via crafted HTTP requests. | ||||
CVE-2022-30304 | 1 Fortinet | 1 Fortianalyzer | 2024-10-22 | 4.2 Medium |
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiAnalyzer versions prior to 7.2.1, 7.0.4 and 6.4.8 may allow a remote unauthenticated attacker to perform a stored cross site scripting (XSS) attack via the URL parameter observed in the FortiWeb attack event logview in FortiAnalyzer. | ||||
CVE-2022-43952 | 1 Fortinet | 1 Fortiadc | 2024-10-22 | 3.3 Low |
An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiADC version 7.1.1 and below, version 7.0.3 and below, version 6.2.5 and below may allow an authenticated attacker to perform a cross-site scripting attack via crafted HTTP requests. | ||||
CVE-2022-35850 | 1 Fortinet | 1 Fortiauthenticator | 2024-10-22 | 4.2 Medium |
An improper neutralization of script-related HTML tags in a web page vulnerability [CWE-80] in FortiAuthenticator versions 6.4.0 through 6.4.4, 6.3.0 through 6.3.3, all versions of 6.2 and 6.1 may allow a remote unauthenticated attacker to trigger a reflected cross site scripting (XSS) attack via the "reset-password" page. | ||||
CVE-2021-36870 | 1 Codecabin | 1 Wp Go Maps | 2024-10-22 | 5.5 Medium |
Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in WordPress WP Google Maps plugin (versions <= 8.1.12). Vulnerable parameters: &dataset_name, &wpgmza_gdpr_retention_purpose, &wpgmza_gdpr_company_name, &name #2, &name, &polyname #2, &polyname, &address. | ||||
CVE-2020-36763 | 1 Duxcms Project | 1 Duxcms | 2024-10-22 | 5.4 Medium |
Cross Site Scripting (XSS) vulnerability in DuxCMS 2.1 allows remote attackers to run arbitrary code via the content, time, copyfrom parameters when adding or editing a post. | ||||
CVE-2023-38065 | 1 Jetbrains | 1 Teamcity | 2024-10-22 | 4.6 Medium |
In JetBrains TeamCity before 2023.05.1, stored XSS while viewing the build log was possible. | ||||
CVE-2024-46237 | 1 Phpgurukul | 1 Hospital Management System | 2024-10-22 | 4.8 Medium |
PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) via the patname, pataddress, and medhis parameters in doctor/add-patient.php and doctor/edit-patient.php. | ||||
CVE-2023-32445 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-10-22 | 6.1 Medium |
This issue was addressed with improved checks. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. Processing a document may lead to a cross site scripting attack. | ||||
CVE-2024-10142 | 1 Code-projects | 1 Blood Bank System | 2024-10-22 | 3.5 Low |
A vulnerability has been found in code-projects Blood Bank System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /viewrequest.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2023-38303 | 1 Webmin | 1 Webmin | 2024-10-22 | 5.4 Medium |
An issue was discovered in Webmin 2.021. One can exploit a stored Cross-Site Scripting (XSS) attack to achieve Remote Command Execution (RCE) through the Users and Group's real name parameter. |