Vulnerabilities > Fortinet > Fortianalyzer Firmware > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-07-16 | CVE-2017-17541 | Cross-site Scripting vulnerability in Fortinet Fortianalyzer Firmware and Fortimanager Firmware A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature. | 4.3 |
2017-05-27 | CVE-2017-3126 | Open Redirect vulnerability in Fortinet Fortianalyzer Firmware and Fortimanager Firmware An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter. | 5.8 |
2016-08-19 | CVE-2016-3195 | Cross-site Scripting vulnerability in Fortinet Fortianalyzer Firmware and Fortimanager Firmware Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2016-08-19 | CVE-2016-3194 | Cross-site Scripting vulnerability in Fortinet Fortianalyzer Firmware and Fortimanager Firmware Cross-site scripting (XSS) vulnerability in the address added page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2015-05-12 | CVE-2015-3620 | Cross-site Scripting vulnerability in Fortinet Fortianalyzer Firmware and Fortimanager Firmware Cross-site scripting (XSS) vulnerability in the advanced dataset reports page in Fortinet FortiAnalyzer 5.0.0 through 5.0.10 and 5.2.0 through 5.2.1 and FortiManager 5.0.3 through 5.0.10 and 5.2.0 through 5.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-10-31 | CVE-2014-2336 | Cross-Site Scripting vulnerability in Fortinet Fortianalyzer Firmware and Fortimanager Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2334 and CVE-2014-2335. | 4.3 |
2014-10-31 | CVE-2014-2335 | Cross-Site Scripting vulnerability in Fortinet Fortianalyzer Firmware Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336. | 4.3 |
2014-10-31 | CVE-2014-2334 | Cross-Site Scripting vulnerability in Fortinet Fortianalyzer Firmware Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336. | 4.3 |
2013-11-20 | CVE-2013-6826 | Cross-Site Request Forgery (CSRF) vulnerability in Fortinet products cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks. | 6.8 |