CVE-2024-33510

MEDIUM Year: 2024
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-358
View all →

Vulnerability Description

An improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability [CWE-74] in FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.16 and below; FortiProxy version 7.4.3 and below, version 7.2.9 and below, version 7.0.16 and below; FortiSASE version 24.2.b SSL-VPN web user interface may allow a remote unauthenticated attacker to perform phishing attempts via crafted requests.

Related Vulnerabilities

CVE-2017-2604

MEDIUM
CVSS:4.3(Medium)

In Jenkins before versions 2.44, 2.32.2 low privilege users were able to act on administrative monitors due to them not being consistently protected by permission checks (SECURITY-371).

CWE-3582017

CVE-2017-2611

MEDIUM
CVSS:4.3(Medium)

Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permiss...

CWE-3582017

CVE-2020-10743

MEDIUM
CVSS:4.3(Medium)

It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. This flaw allows an attacker to...

CWE-3582020

CVE-2022-27219

MEDIUM
CVSS:4.3(Medium)

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 443. T...

CWE-3582022

CVE-2022-27220

MEDIUM
CVSS:4.3(Medium)

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 6220. ...

CWE-3582022

CVE-2024-3838

MEDIUM
CVSS:4.3(Medium)

Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed an attacker who convinced a user to install a malicious app to perform UI spoofing via a crafted app. (Chromium...

CWE-3582024