CVE-2019-6697

MEDIUM Year: 2019
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-79
View all →

Vulnerability Description

An Improper Neutralization of Input vulnerability affecting FortiGate version 6.2.0 through 6.2.1, 6.0.0 through 6.0.6 in the hostname parameter of a DHCP packet under DHCP monitor page may allow an unauthenticated attacker in the same network as the FortiGate to perform a Stored Cross Site Scripting attack (XSS) by sending a crafted DHCP packet.

Related Vulnerabilities

CVE-2018-1081

MEDIUM
CVSS:5.3(Medium)

A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions. Unauthenticated users can trigger custom messages to admin via paypal enrol script....

CWE-792018

CVE-2018-12073

MEDIUM
CVSS:5.3(Medium)

An issue was discovered on Eminent EM4544 9.10 devices. The device does not require the user's current password to set a new one within the web interface. Therefore, it is possible to exploit this iss...

CWE-792018

CVE-2018-15676

MEDIUM
CVSS:5.3(Medium)

An issue was discovered in BTITeam XBTIT. By using String.replace and eval, it is possible to bypass the includes/crk_protection.php anti-XSS mechanism that looks for a number of dangerous fingerprint...

CWE-792018

CVE-2018-21030

MEDIUM
CVSS:5.3(Medium)

Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. Thus, for example, an XSS payload can be placed in an SVG document.

CWE-792018

CVE-2019-4186

MEDIUM
CVSS:5.3(Medium)

IBM Jazz for Service Management 1.1.3 is vulnerable to HTTP header injection, caused by incorrect trust in the HTTP Host header during caching. By sending a specially crafted HTTP GET request, a remot...

CWE-792019

CVE-2019-7430

MEDIUM
CVSS:5.3(Medium)

PHP Scripts Mall Image Sharing Script 1.3.4 has HTML injection via the Search Bar.

CWE-792019