Vulnerabilities > Fortinet > Fortiauthenticator > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-11 | CVE-2022-35850 | Cross-site Scripting vulnerability in Fortinet Fortiauthenticator An improper neutralization of script-related HTML tags in a web page vulnerability [CWE-80] in FortiAuthenticator versions 6.4.0 through 6.4.4, 6.3.0 through 6.3.3, all versions of 6.2 and 6.1 may allow a remote unauthenticated attacker to trigger a reflected cross site scripting (XSS) attack via the "reset-password" page. | 6.1 |
| 2023-03-09 | CVE-2023-26208 | Improper Restriction of Excessive Authentication Attempts vulnerability in Fortinet Fortiauthenticator A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiAuthenticator 6.4.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form. | 5.3 |
| 2022-02-02 | CVE-2021-36177 | Unspecified vulnerability in Fortinet Fortiauthenticator An improper access control vulnerability [CWE-284] in FortiAuthenticator HA service 6.3.2 and below, 6.2.x, 6.1.x, 6.0.x may allow an attacker on the same vlan as the HA management interface to make an unauthenticated direct connection to the FAC's database. low complexity fortinet | 4.3 |
| 2021-12-08 | CVE-2021-43067 | Information Exposure vulnerability in Fortinet Fortiauthenticator A exposure of sensitive information to an unauthorized actor in Fortinet FortiAuthenticator version 6.4.0, version 6.3.2 and below, version 6.2.1 and below, version 6.1.2 and below, version 6.0.7 to 6.0.1 allows attacker to duplicate a target LDAP user 2 factors authentication token via crafted HTTP requests. | 6.5 |
| 2020-01-07 | CVE-2019-16154 | Cross-site Scripting vulnerability in Fortinet Fortiauthenticator 6.0.0 An improper neutralization of input during web page generation in FortiAuthenticator WEB UI 6.0.0 may allow an unauthenticated user to perform a cross-site scripting attack (XSS) via a parameter of the logon page. | 6.1 |
| 2018-05-31 | CVE-2018-9186 | Cross-site Scripting vulnerability in Fortinet Fortiauthenticator A cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator in versions 4.0.0 to before 5.3.0 "CSRF validation failure" page allows attacker to execute unauthorized script code via inject malicious scripts in HTTP referer header. | 6.1 |