CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code or commands via crafted GET parameters in requests to login and error handlers

**![](https://fortiguard.com/static/images/icons/psirt.svg?v=4940) PSIRT Advisories**

**FortiWeb - Reflected cross-site scripting in error controllers**

**Summary**

Multiple improper neutralization of input during web page generation ('Cross-site Scripting') \[CWE-79\] in FortiWeb may allow an unauthenticated user to inject malicious javascript code into the response webpage via crafted requests to device's error handlers.

**Affected Products**

FortiWeb version 6.4.1 and below are impacted.  
FortiWeb version 6.3.15 and below are impacted.  
FortiWeb version 6.2.5 and below are impacted.

**Solutions**

Upgrade to the upcoming FortiWeb version 7.0.0 or above.  
Upgrade to FortiWeb version 6.4.2 or above.  
Upgrade to FortiWeb version 6.3.16 or above.

**Acknowledgement**

Internally discovered and reported by Mattia Fecit of Fortinet Product Security team.

Headline

CVE-2021-36188: Fortiguard

CVE: Latest News