3 results (0.004 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2

H3C SSL VPN through 2022-07-10 allows wnm/login/login.json svpnlang cookie XSS. H3C SSL VPN versiones hasta 10-07-2022, permite una vulnerabilidad de tipo XSS en la cookie del archivo wnm/login/login.json svpnlang • https://github.com/safe3s/CVE-2022-35416 https://github.com/Docker-droid/H3C_SSL_VPN_XSS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 1

Cross-site scripting (XSS) vulnerability in global-protect/login.esp in Palo Alto Networks Global Protect Portal, Global Protect Gateway, and SSL VPN portals 3.1.x through 3.1.11 and 4.0.x through 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the inputStr parameter in a Login action. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en global-protect/login.esp en los portales Palo Alto Networks Global Protect Data, Global Protect Gateway y SSL VPN v3.1.x a v3.1.11 y v4.0.x a v4.0.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro InputStr en una acción de inicio de sesión. • http://blog.abhisek.me/2012/06/xss-on-palo-alto-networks-global.html http://www.osvdb.org/83896 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 8%CPEs: 3EXPL: 3

tunnelform.yaws in Nortel SSL VPN 4.2.1.6 allows remote attackers to execute arbitrary commands via a link in the a parameter, which is executed with extra privileges in a cryptographically signed Java Applet. • https://www.exploit-db.com/exploits/26771 http://secunia.com/advisories/17974 http://securitytracker.com/id?1015341 http://www.sec-consult.com/247.html http://www.securityfocus.com/archive/1/419263/100/0/threaded http://www.securityfocus.com/bid/15798 http://www.vupen.com/english/advisories/2005/2845 •