CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

Multiple improper neutralization of input during web page generation ('Cross-site Scripting') vulnerabilities [CWE-79] in Fortinet FortiNAC portal UI before 9.4.1 allows an attacker to perform an XSS attack via crafted HTTP requests.

** PSIRT Advisories**

**FortiNAC - Multiple reflected cross-site scripting vulnerabilities in portal UI**

**Summary**

Multiple improper neutralization of input during web page generation ('Cross-site Scripting') vulnerabilities \[CWE-79\] in FortiNAC portal UI may allow an attacker to perform an XSS attack via crafted HTTP requests.

**Affected Products**

FortiNAC version 9.4.0 through 9.4.1  
FortiNAC 9.2 all versions  
FortiNAC 9.1 all versions  
FortiNAC 8.8 all versions  
FortiNAC 8.7 all versions  
FortiNAC 8.6 all versions

**Solutions**

Please upgrade to FortiNAC version 7.2F or above  
Please upgrade to FortiNAC version 9.4.2 or above

**Acknowledgement**

Internally discovered and reported by Théo Leleu of Fortinet Product Security team.

Headline

CVE-2022-38376: Fortiguard

CVE: Latest News