Vulnerabilities > Fortinet > Fortiportal > 5.0.3

DATE CVE VULNERABILITY TITLE RISK
2021-08-19 CVE-2021-32602 Cross-site Scripting vulnerability in Fortinet Fortiportal
An improper neutralization of input during web page generation vulnerability (CWE-79) in FortiPortal GUI 6.0.4 and below, 5.3.6 and below, 5.2.6 and below, 5.1.2 and below, 5.0.3 and below, 4.2.2 and below, 4.1.2 and below, 4.0.4 and below may allow a remote and unauthenticated attacker to perform an XSS attack via sending a crafted request with an invalid lang parameter or with an invalid org.springframework.web.servlet.i18n.CookieLocaleResolver.LOCALE value.
network
fortinet CWE-79
4.3
4.3
2021-08-18 CVE-2021-32588 Use of Hard-coded Credentials vulnerability in Fortinet Fortiportal
A use of hard-coded credentials (CWE-798) vulnerability in FortiPortal versions 5.2.5 and below, 5.3.5 and below, 6.0.4 and below, versions 5.1.x and 5.0.x may allow a remote and unauthenticated attacker to execute unauthorized commands as root by uploading and deploying malicious web application archive files using the default hard-coded Tomcat Manager username and password.
network
low complexity
fortinet CWE-798
critical
 10.0
10
2021-08-04 CVE-2021-36168 Path Traversal vulnerability in Fortinet Fortiportal
A Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Fortinet FortiPortal 6.x before 6.0.5, FortiPortal 5.3.x before 5.3.6 and any FortiPortal before 6.2.5 allows authenticated attacker to disclosure information via crafted GET request with malicious parameter values.
network
low complexity
fortinet CWE-22
4.0
4.0
2021-08-04 CVE-2021-32590 SQL Injection vulnerability in Fortinet Fortiportal
Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow an attacker with regular user's privileges to execute arbitrary commands on the underlying SQL database via specifically crafted HTTP requests.
network
low complexity
fortinet CWE-89
critical
 9.0
9.0
2021-08-04 CVE-2021-32594 Unrestricted Upload of File with Dangerous Type vulnerability in Fortinet Fortiportal
An unrestricted file upload vulnerability in the web interface of FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow a low-privileged user to potentially tamper with the underlying system's files via the upload of specifically crafted files.
network
low complexity
fortinet CWE-434
5.5
5.5