Vulnerabilities > Fortinet > Fortimanager Firmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-07-16 CVE-2017-17541 Cross-site Scripting vulnerability in Fortinet Fortianalyzer Firmware and Fortimanager Firmware
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature.
network
fortinet CWE-79
4.3
4.3
2017-08-22 CVE-2015-3617 Permissions, Privileges, and Access Controls vulnerability in Fortinet Fortimanager Firmware
Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow local users to gain privileges via crafted CLI commands.
local
low complexity
fortinet CWE-264
4.6
4.6
2017-08-11 CVE-2015-3614 Information Exposure vulnerability in Fortinet Fortimanager Firmware
Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to obtain arbitrary files via vectors involving another unspecified vulnerability.
network
low complexity
fortinet CWE-200
5.0
5.0
2017-05-27 CVE-2017-3126 Open Redirect vulnerability in Fortinet Fortianalyzer Firmware and Fortimanager Firmware
An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter.
network
fortinet CWE-601
5.8
5.8
2017-02-13 CVE-2016-8495 Information Exposure vulnerability in Fortinet Fortimanager Firmware
An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows remote attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack via the Fortisandbox devices probing feature.
network
fortinet CWE-200
5.8
5.8
2016-08-19 CVE-2016-3195 Cross-site Scripting vulnerability in Fortinet Fortianalyzer Firmware and Fortimanager Firmware
Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
fortinet CWE-79
4.3
4.3
2016-08-19 CVE-2016-3194 Cross-site Scripting vulnerability in Fortinet Fortianalyzer Firmware and Fortimanager Firmware
Cross-site scripting (XSS) vulnerability in the address added page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
fortinet CWE-79
4.3
4.3
2015-11-02 CVE-2015-8038 Cross-site Scripting vulnerability in Fortinet Fortimanager Firmware
Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) sharedjobmanager or (2) SOMServiceObjDialog.
network
fortinet CWE-79
4.3
4.3
2015-11-02 CVE-2015-8037 Cross-site Scripting vulnerability in Fortinet Fortimanager Firmware
Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SOMVpnSSLPortalDialog or (2) FGDMngUpdHistory.
network
fortinet CWE-79
4.3
4.3
2015-05-12 CVE-2015-3620 Cross-site Scripting vulnerability in Fortinet Fortianalyzer Firmware and Fortimanager Firmware
Cross-site scripting (XSS) vulnerability in the advanced dataset reports page in Fortinet FortiAnalyzer 5.0.0 through 5.0.10 and 5.2.0 through 5.2.1 and FortiManager 5.0.3 through 5.0.10 and 5.2.0 through 5.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
fortinet CWE-79
4.3
4.3