Vulnerabilities > Fortinet > Fortios > 5.4.0

DATE CVE VULNERABILITY TITLE RISK
2017-09-12 CVE-2017-7734 Cross-site Scripting vulnerability in Fortinet Fortios
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via 'Comments' while saving Config Revisions.
network
fortinet CWE-79
3.5
2017-09-12 CVE-2017-3133 Cross-site Scripting vulnerability in Fortinet Fortios
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN.
network
fortinet CWE-79
4.3
2017-09-12 CVE-2017-3132 Cross-site Scripting vulnerability in Fortinet Fortios
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the action input during the activation of a FortiToken.
network
fortinet CWE-79
4.3
2017-09-12 CVE-2017-3131 Cross-site Scripting vulnerability in Fortinet Fortios
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allows attackers to execute unauthorized code or commands via the filter input in "Applications" under FortiView.
network
fortinet CWE-79
3.5
2017-08-10 CVE-2017-3130 Information Exposure vulnerability in Fortinet Fortios
An information disclosure vulnerability in Fortinet FortiOS versions 5.6.0, 5.4.4 and below allows an attacker to get FortiOS version info by inspecting FortiOS IKE VendorID packets.
network
low complexity
fortinet CWE-200
5.0
2017-03-30 CVE-2016-7542 Information Exposure vulnerability in Fortinet Fortios
A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to read-write administrators' password hashes (not including super-admins) stored on the appliance via the webui REST API, and may therefore be able to crack them.
network
low complexity
fortinet CWE-200
4.0