Vulnerabilities > Fortinet > Fortideceptor > 4.2.0

DATE CVE VULNERABILITY TITLE RISK
2025-01-15 CVE-2024-35280 Cross-site Scripting vulnerability in Fortinet Fortideceptor
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiDeceptor 3.x all versions, 4.x all versions, 5.0 all versions, 5.1 all versions, version 5.2.0, and version 5.3.0 may allow an attacker to perform a reflected cross-site scripting attack in the recovery endpoints
network
low complexity
fortinet CWE-79
6.1
6.1
2022-12-06 CVE-2022-30305 Improper Restriction of Excessive Authentication Attempts vulnerability in Fortinet Fortideceptor and Fortisandbox
An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts.
network
low complexity
fortinet CWE-307
7.5
7.5
2022-11-02 CVE-2022-38373 Cross-site Scripting vulnerability in Fortinet Fortideceptor
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiDeceptor management interface 4.2.0, 4.1.0 through 4.1.1, 4.0.2 may allow an authenticated user to perform a cross site scripting (XSS) attack via sending requests with specially crafted lure resource ID.
network
low complexity
fortinet CWE-79
5.4
5.4