Vulnerabilities > Fortinet > Fortios

DATE CVE VULNERABILITY TITLE RISK
2017-10-27 CVE-2017-14182 Improper Input Validation vulnerability in Fortinet Fortios
A Denial of Service (DoS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 allows an authenticated user to cause the web GUI to be temporarily unresponsive, via passing a specially crafted payload to the 'params' parameter of the JSON web API.
network
low complexity
fortinet CWE-20
4.0
4.0
2017-09-12 CVE-2017-7735 Cross-site Scripting vulnerability in Fortinet Fortios
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2.0 through 5.2.11 and 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via the "Groups" input while creating or editing User Groups.
network
fortinet CWE-79
3.5
3.5
2017-09-12 CVE-2017-7734 Cross-site Scripting vulnerability in Fortinet Fortios
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via 'Comments' while saving Config Revisions.
network
fortinet CWE-79
3.5
3.5
2017-09-12 CVE-2017-3133 Cross-site Scripting vulnerability in Fortinet Fortios
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN.
network
fortinet CWE-79
4.3
4.3
2017-09-12 CVE-2017-3132 Cross-site Scripting vulnerability in Fortinet Fortios
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken.
network
fortinet CWE-79
4.3
4.3
2017-09-12 CVE-2017-3131 Cross-site Scripting vulnerability in Fortinet Fortios
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allows attackers to execute unauthorized code or commands via the filter input in "Applications" under FortiView.
network
fortinet CWE-79
3.5
3.5
2017-08-10 CVE-2017-3130 Information Exposure vulnerability in Fortinet Fortios
An information disclosure vulnerability in Fortinet FortiOS 5.6.0, 5.4.4 and below versions allows attacker to get FortiOS version info by inspecting FortiOS IKE VendorID packets.
network
low complexity
fortinet CWE-200
5.0
5.0
2017-06-01 CVE-2017-3127 Cross-site Scripting vulnerability in Fortinet Fortios
A Cross-Site Scripting vulnerability in Fortinet FortiGate 5.2.0 through 5.2.10 allows attacker to execute unauthorized code or commands via the srcintf parameter during Firewall Policy Creation.
network
fortinet CWE-79
4.3
4.3
2017-05-23 CVE-2017-3128 Cross-site Scripting vulnerability in Fortinet Fortios
A stored XSS (Cross-Site-Scripting) vulnerability in Fortinet FortiOS allows attackers to execute unauthorized code or commands via the policy global-label parameter.
network
fortinet CWE-79
3.5
3.5
2017-03-30 CVE-2016-7542 Information Exposure vulnerability in Fortinet Fortios
A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to read-write administrators password hashes (not including super-admins) stored on the appliance via the webui REST API, and may therefore be able to crack them.
network
low complexity
fortinet CWE-200
4.0
4.0