Vulnerabilities > Fortinet > Fortianalyzer > 7.2.1

DATE CVE VULNERABILITY TITLE RISK
2023-03-07 CVE-2023-25611 Improper Neutralization of Formula Elements in a CSV File vulnerability in Fortinet Fortianalyzer
A improper neutralization of formula elements in a CSV file vulnerability in Fortinet FortiAnalyzer 6.4.0 - 6.4.9, 7.0.0 - 7.0.5, and 7.2.0 - 7.2.1 allows local attacker to execute unauthorized code or commands via inserting spreadsheet formulas in macro names.
local
low complexity
fortinet CWE-1236
7.3
2023-02-16 CVE-2022-30304 Cross-site Scripting vulnerability in Fortinet Fortianalyzer
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiAnalyzer versions prior to 7.2.1, 7.0.4 and 6.4.8 may allow a remote unauthenticated attacker to perform a stored cross site scripting (XSS) attack via the URL parameter observed in the FortiWeb attack event logview in FortiAnalyzer.
network
low complexity
fortinet CWE-79
6.1