An improper neutralization of special elements in output used by a downstream component (‘Injection’) vulnerability [CWE-74] in FortiOS and FortiProxy SSL-VPN web user interface may allow a remote unauthenticated attacker to perform phishing attempts via crafted requests. Revised on 2024-12-04 08:24:41
SSLVPN WEB UI Text injection
- Osint10x Feeds
- Uncategorized
- November 12, 2024
Stay Updated with Our Newsletter
Recent Posts
- Inside Operation Destabilise: How a ransomware investigation linked Russian money laundering and street-level drug dealing
- Interview with Pryx Part 2: Diving Deeper into Server-Side Stealers & Other Interesting Chit-chats
- LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages
- Judge rules NSO Group is liable for spyware hacks targeting 1,400 WhatsApp user devices
- Vulnerability & Patch Roundup — November 2024
Leave a Reply