Vulnerabilities > Fortinet > Fortinac > 9.2.4

DATE CVE VULNERABILITY TITLE RISK
2023-02-16 CVE-2022-40678 Insufficiently Protected Credentials vulnerability in Fortinet Fortinac
An insufficiently protected credentials in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow a local attacker with database access to recover user passwords.
local
low complexity
fortinet CWE-522
7.8
2023-02-16 CVE-2023-22638 Cross-site Scripting vulnerability in Fortinet Fortinac
Several improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below, 8.6.5 and below, 8.5.4 and below, 8.3.7 and below may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests.
network
low complexity
fortinet CWE-79
5.4