Vulnerabilities > Fortinet > Fortios > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-09-12 CVE-2017-7734 Cross-site Scripting vulnerability in Fortinet Fortios
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via 'Comments' while saving Config Revisions.
network
low complexity
fortinet CWE-79
5.4
5.4
2017-09-12 CVE-2017-3133 Cross-site Scripting vulnerability in Fortinet Fortios
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN.
network
low complexity
fortinet CWE-79
6.1
6.1
2017-09-12 CVE-2017-3132 Cross-site Scripting vulnerability in Fortinet Fortios
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken.
network
low complexity
fortinet CWE-79
6.1
6.1
2017-09-12 CVE-2017-3131 Cross-site Scripting vulnerability in Fortinet Fortios
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allows attackers to execute unauthorized code or commands via the filter input in "Applications" under FortiView.
network
low complexity
fortinet CWE-79
5.4
5.4
2017-06-01 CVE-2017-3127 Cross-site Scripting vulnerability in Fortinet Fortios
A Cross-Site Scripting vulnerability in Fortinet FortiGate 5.2.0 through 5.2.10 allows attacker to execute unauthorized code or commands via the srcintf parameter during Firewall Policy Creation.
network
low complexity
fortinet CWE-79
6.1
6.1
2017-05-23 CVE-2017-3128 Cross-site Scripting vulnerability in Fortinet Fortios
A stored XSS (Cross-Site-Scripting) vulnerability in Fortinet FortiOS allows attackers to execute unauthorized code or commands via the policy global-label parameter.
network
low complexity
fortinet CWE-79
4.8
4.8
2017-03-30 CVE-2016-7542 Information Exposure vulnerability in Fortinet Fortios
A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to read-write administrators password hashes (not including super-admins) stored on the appliance via the webui REST API, and may therefore be able to crack them.
network
low complexity
fortinet CWE-200
4.9
4.9
2017-03-30 CVE-2016-7541 7PK - Security Features vulnerability in Fortinet Fortios
Long lived sessions in Fortinet FortiGate devices with FortiOS 5.x before 5.4.0 could violate a security policy during IPS signature updates when the FortiGate's IPSengine is configured in flow mode.
network
high complexity
fortinet CWE-254
5.9
5.9
2017-02-08 CVE-2016-8492 Information Exposure vulnerability in Fortinet Fortios
The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption.
network
high complexity
fortinet CWE-200
5.9
5.9
2016-04-08 CVE-2016-3978 Cross-site Scripting vulnerability in Fortinet Fortios
The Web User Interface (WebUI) in FortiOS 5.0.x before 5.0.13, 5.2.x before 5.2.3, and 5.4.x before 5.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting (XSS) attacks via the "redirect" parameter to "login."
network
low complexity
fortinet CWE-79
6.1
6.1