5.2.8

DATE	CVE	VULNERABILITY TITLE	RISK
2017-09-12	CVE-2017-3132	Cross-site Scripting vulnerability in Fortinet Fortios A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken. network low complexity fortinet CWE-79	6.1
2017-08-10	CVE-2017-3130	Information Exposure vulnerability in Fortinet Fortios An information disclosure vulnerability in Fortinet FortiOS 5.6.0, 5.4.4 and below versions allows attacker to get FortiOS version info by inspecting FortiOS IKE VendorID packets. network low complexity fortinet CWE-200	7.5
2017-06-01	CVE-2017-3127	Cross-site Scripting vulnerability in Fortinet Fortios A Cross-Site Scripting vulnerability in Fortinet FortiGate 5.2.0 through 5.2.10 allows attacker to execute unauthorized code or commands via the srcintf parameter during Firewall Policy Creation. network low complexity fortinet CWE-79	6.1
2017-05-23	CVE-2017-3128	Cross-site Scripting vulnerability in Fortinet Fortios A stored XSS (Cross-Site-Scripting) vulnerability in Fortinet FortiOS allows attackers to execute unauthorized code or commands via the policy global-label parameter. network low complexity fortinet CWE-79	4.8
2017-03-30	CVE-2016-7542	Information Exposure vulnerability in Fortinet Fortios A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to read-write administrators password hashes (not including super-admins) stored on the appliance via the webui REST API, and may therefore be able to crack them. network low complexity fortinet CWE-200	4.9
2017-03-30	CVE-2016-7541	7PK - Security Features vulnerability in Fortinet Fortios Long lived sessions in Fortinet FortiGate devices with FortiOS 5.x before 5.4.0 could violate a security policy during IPS signature updates when the FortiGate's IPSengine is configured in flow mode. network high complexity fortinet CWE-254	5.9