CVE-2024-26006

HIGH Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-79
View all →

Vulnerability Description

An improper neutralization of input during web page Generation vulnerability [CWE-79] in FortiOS version 7.4.3 and below, version 7.2.7 and below, version 7.0.13 and below and FortiProxy version 7.4.3 and below, version 7.2.9 and below, version 7.0.16 and below web SSL VPN UI may allow a remote unauthenticated attacker to perform a Cross-Site Scripting attack via a malicious samba server.

Related Vulnerabilities

CVE-2016-8719

HIGH
CVSS:7.5(High)

An exploitable reflected Cross-Site Scripting vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Specially crafted input, in multip...

CWE-792016

CVE-2018-12319

HIGH
CVSS:7.5(High)

Denial-of-service in the login page of ASUSTOR ADM 3.1.1 allows attackers to prevent users from signing in by placing malformed text in the title.

CWE-792018

CVE-2018-3740

HIGH
CVSS:7.5(High)

A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element.

CWE-792018

CVE-2018-6010

HIGH
CVSS:7.5(High)

In Yii Framework 2.x before 2.0.14, remote attackers could obtain potentially sensitive information from exception messages, or exploit reflected XSS on the error handler page in non-debug mode. Relat...

CWE-792018

CVE-2019-15816

HIGH
CVSS:7.5(High)

The wp-private-content-plus plugin before 2.0 for WordPress has no protection against option changes via save_settings_page and other save_ functions.

CWE-792019

CVE-2019-17214

HIGH
CVSS:7.5(High)

The WebARX plugin 1.3.0 for WordPress allows firewall bypass by appending &cc=1 to a URI.

CWE-792019