CVE-2022-38373: Fortiguard
An improper neutralization of input during web page generation vulnerability [CWE-79] in the FortiDeceptor management interface 4.2.0, 4.1.0 through 4.1.1, and 4.0.2 may allow an authenticated user to perform a cross-site scripting (XSS) attack by sending requests with a specially crafted lure resource ID.
FortiDeceptor - Reflected XSS vulnerability on Lure Resources page
Summary
An improper neutralization of input during web page generation vulnerability [CWE-79] in the FortiDeceptor management interface may allow an authenticated user to perform a reflected cross-site scripting (XSS) attack by sending requests with a specially crafted lure resource ID. Because the flaw is reflected, the crafted request must be issued from (or lured into) an authenticated management session; the payload then executes in that user's browser in the context of the management interface.
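The following is an added illustration of the vulnerability class, not FortiDeceptor code: a server-side page builder that echoes a request parameter (a hypothetical `id` query parameter carrying the lure resource ID) into HTML without encoding, next to the two independent fixes a reviewer would expect, contextual output encoding and strict input validation. The payload string and the page layout are constructed for the example.

```python
# Added example (not FortiDeceptor code). Shows how a reflected XSS of the kind
# described in the advisory arises when a request parameter is echoed into a
# page unescaped, and how output encoding and input validation each close it.
import html
import re

# Constructed sample payload: what an attacker might place in the hypothetical
# "id" parameter to break out of an attribute and inject markup.
CRAFTED_ID = '1"><script>alert(document.cookie)</script>'


def render_vulnerable(resource_id: str) -> str:
    """Echoes the ID straight into a text node and an attribute value.
    Any '<', '>' or '"' in the input becomes live markup (CWE-79)."""
    return (f'<h1>Lure resource {resource_id}</h1>\n'
            f'<div data-resource-id="{resource_id}">details</div>')


def render_escaped(resource_id: str) -> str:
    """Fix 1: contextual output encoding. html.escape(quote=True) neutralises
    & < > " ' so the value can only ever be text or an attribute value."""
    safe = html.escape(resource_id, quote=True)
    return (f'<h1>Lure resource {safe}</h1>\n'
            f'<div data-resource-id="{safe}">details</div>')


# A lure resource ID has a known shape (assumed here: a short decimal integer).
_ID_RE = re.compile(r'^[0-9]{1,10}$')


def accepts(resource_id: str) -> bool:
    """Fix 2: input validation. Reject anything that is not a plausible ID
    before it reaches the template."""
    return _ID_RE.fullmatch(resource_id) is not None


def render_validated(resource_id: str) -> str:
    """Validate first, then still encode on output (defence in depth)."""
    if not accepts(resource_id):
        raise ValueError("invalid lure resource id")
    return render_escaped(resource_id)


def is_reflected_unescaped(page: str, marker: str) -> bool:
    """The check a scanner makes: does a markup-significant fragment of the
    payload come back verbatim in the response body?"""
    return marker in page


def demo() -> dict:
    """Compare the vulnerable and fixed renderers on the constructed payload."""
    return {
        "vulnerable_reflects": is_reflected_unescaped(
            render_vulnerable(CRAFTED_ID), "<script>"),
        "escaped_reflects": is_reflected_unescaped(
            render_escaped(CRAFTED_ID), "<script>"),
        "validator_accepts_payload": accepts(CRAFTED_ID),
        "validator_accepts_real_id": accepts("42"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Output encoding is the fix that actually removes the CWE-79 condition; validation is a second, cheaper barrier and also stops the payload from ever being stored or logged. When testing a management interface for this pattern, send the marker in the suspect parameter from an authenticated session and look for it unencoded in the response, as `is_reflected_unescaped` does.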
Affected Products
FortiDeceptor version 4.2.0
FortiDeceptor version 4.1.0 through 4.1.1
FortiDeceptor version 4.0.2
Solutions
Please upgrade to FortiDeceptor version 4.3.0 or above
Please upgrade to FortiDeceptor version 4.2.1 or above
Please upgrade to FortiDeceptor version 4.1.2 or above
Please upgrade to FortiDeceptor version 4.0.3 or above
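As an added triage helper, not Fortinet tooling: the affected ranges and fixed releases listed above, encoded so an installed FortiDeceptor version string can be checked and mapped to the earliest fixed release in its own branch. Versions outside the listed ranges are reported as not affected by this advisory, exactly as the advisory states; the dotted three-part version format is assumed.

```python
# Added example (not Fortinet tooling): triage an installed FortiDeceptor
# version against the ranges and fixes stated in this advisory.
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges from the advisory, inclusive on both ends.
AFFECTED = [
    ((4, 2, 0), (4, 2, 0)),
    ((4, 1, 0), (4, 1, 1)),
    ((4, 0, 2), (4, 0, 2)),
]

# Earliest fixed release per branch, as listed under Solutions.
FIXED_IN_BRANCH = {
    (4, 2): (4, 2, 1),
    (4, 1): (4, 1, 2),
    (4, 0): (4, 0, 3),
}
LATEST_FIXED: Version = (4, 3, 0)


def parse_version(text: str) -> Version:
    """Parse 'major.minor.patch'; reject anything else rather than guess."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def is_affected(text: str) -> bool:
    """True if the version falls inside any range the advisory lists."""
    v = parse_version(text)
    return any(lo <= v <= hi for lo, hi in AFFECTED)


def recommended_upgrade(text: str) -> Optional[str]:
    """Earliest fixed release in the same branch, or None if not affected.
    Falls back to the newest fixed release if the branch has no listed fix."""
    v = parse_version(text)
    if not is_affected(text):
        return None
    fix = FIXED_IN_BRANCH.get((v[0], v[1]), LATEST_FIXED)
    return ".".join(str(n) for n in fix)


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for host, ver in [("deceptor-a", "4.1.1"), ("deceptor-b", "4.2.1"),
                      ("deceptor-c", "4.0.2")]:
        print(host, ver, "affected" if is_affected(ver) else "ok",
              recommended_upgrade(ver))
```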