2 results (0.015 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2

H3C SSL VPN through 2022-07-10 allows wnm/login/login.json svpnlang cookie XSS. H3C SSL VPN versiones hasta 10-07-2022, permite una vulnerabilidad de tipo XSS en la cookie del archivo wnm/login/login.json svpnlang • https://github.com/safe3s/CVE-2022-35416 https://github.com/Docker-droid/H3C_SSL_VPN_XSS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 7%CPEs: 1EXPL: 3

Cross-site scripting (XSS) vulnerability in wa/auth in PortWise SSL VPN 4.6 allows remote attackers to inject arbitrary web script or HTML via the reloadFrame parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en wa/auth en PortWise SSL VPN v4.6 permite a atacantes remotos inyectar secuencias arbitrarias de comandos web o HTML a través del parámetro "reloadFrame". • https://www.exploit-db.com/exploits/33653 http://osvdb.org/62482 http://packetstormsecurity.org/1002-exploits/PR09-04.txt http://secunia.com/advisories/38627 http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr09-04 http://www.securityfocus.com/archive/1/509584/100/0/threaded http://www.securityfocus.com/bid/38308 https://exchange.xforce.ibmcloud.com/vulnerabilities/56420 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •