Vulnerabilities > Fortinet > Fortios > 5.2.12

DATE CVE VULNERABILITY TITLE RISK
2018-05-25 CVE-2017-14185 Information Exposure vulnerability in Fortinet Fortios
An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8 and 5.2 all versions allows SSL VPN web portal users to access internal FortiOS configuration information (eg:addresses) via specifically crafted URLs inside the SSL-VPN web portal.
network
low complexity
fortinet CWE-200
5.0
5.0
2017-11-29 CVE-2017-14186 Cross-site Scripting vulnerability in Fortinet Fortios
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions under SSL VPN web portal allows a remote user to inject arbitrary web script or HTML in the context of the victim's browser via the login redir parameter.
network
fortinet CWE-79
3.5
3.5
2017-09-12 CVE-2017-3133 Cross-site Scripting vulnerability in Fortinet Fortios
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN.
network
fortinet CWE-79
4.3
4.3
2017-09-12 CVE-2017-3132 Cross-site Scripting vulnerability in Fortinet Fortios
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken.
network
fortinet CWE-79
4.3
4.3