CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWLM version 8.6.1 and below allows attacker to store malicious javascript code in the device and trigger it via crafted HTTP requests

**![](https://fortiguard.com/static/images/icons/psirt.svg?v=4940) PSIRT Advisories**

**FortiWLM - stored cross-site scripting in hotspot profile controller**

**Summary**

An improper neutralization of input during web page generation vulnerability ('Cross-site Scripting') \[CWE-79\] in FortiWLM may allow an authenticated attacker to perform a stored cross site scripting attack (XSS) via storing malicious payloads and trigger the attack on victim's client via various endpoints.

**Affected Products**

FortiWLM version 8.6.1 and below.

**Solutions**

Upgrade to FortiWLM version 8.6.2 or above.

**Acknowledgement**

Internally discovered and reported by Mattia Fecit of Fortinet Product Security team.

Headline

CVE-2021-41029: Fortiguard

CVE: Latest News