Vulnerabilities > Fortinet > Fortianalyzer > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-04 | CVE-2020-6640 | Cross-site Scripting vulnerability in Fortinet Fortianalyzer An improper neutralization of input vulnerability in the Admin Profile of FortiAnalyzer may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the Description Area. | 5.4 |
| 2019-05-28 | CVE-2018-13375 | Cross-site Scripting vulnerability in Fortinet Fortianalyzer and Fortimanager An Improper Neutralization of Script-Related HTML Tags in Fortinet FortiAnalyzer 5.6.0 and below and FortiManager 5.6.0 and below allows an attacker to send DHCP request containing malicious scripts in the HOSTNAME parameter. | 6.1 |
| 2018-06-27 | CVE-2018-1355 | Open Redirect vulnerability in Fortinet Fortianalyzer and Fortimanager An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows attacker to inject script code during converting a HTML table to a PDF document under the FortiView feature. | 6.1 |
| 2018-06-27 | CVE-2018-1354 | Incorrect Permission Assignment for Critical Resource vulnerability in Fortinet Fortimanager An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows a regular user edit the avatar picture of other users with arbitrary content. | 6.5 |