Vulnerabilities > Fortinet > Fortiportal

DATE CVE VULNERABILITY TITLE RISK
2023-01-03 CVE-2022-41336 Cross-site Scripting vulnerability in Fortinet Fortiportal
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiPortal versions 6.0.0 through 6.0.11 and all versions of 5.3, 5.2, 5.1, 5.0 management interface may allow a remote authenticated attacker to perform a stored cross site scripting (XSS) attack via sending request with specially crafted columnindex parameter.
network
low complexity
fortinet CWE-79
4.8
2022-04-06 CVE-2021-26104 OS Command Injection vulnerability in Fortinet Fortianalyzer, Fortimanager and Fortiportal
Multiple OS command injection (CWE-78) vulnerabilities in the command line interface of FortiManager 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, FortiAnalyzer 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, and FortiPortal 5.2.5 and below, 5.3.5 and below and 6.0.4 and below may allow a local authenticated and unprivileged user to execute arbitrary shell commands as root via specifically crafted CLI command parameters.
local
low complexity
fortinet CWE-78
7.8
2022-03-01 CVE-2021-36171 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Fortinet Fortiportal
The use of a cryptographically weak pseudo-random number generator in the password reset feature of FortiPortal before 6.0.6 may allow a remote unauthenticated attacker to predict parts of or the whole newly generated password within a given time frame.
network
high complexity
fortinet CWE-338
8.1
2021-12-08 CVE-2021-42757 Out-of-bounds Write vulnerability in Fortinet products
A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.
local
low complexity
fortinet CWE-787
6.7
2021-11-02 CVE-2021-36174 Allocation of Resources Without Limits or Throttling vulnerability in Fortinet Fortiportal
A memory allocation with excessive size value vulnerability in the license verification function of FortiPortal before 6.0.6 may allow an attacker to perform a denial of service attack via specially crafted license blobs.
network
low complexity
fortinet CWE-770
7.5
2021-11-02 CVE-2021-36176 Cross-site Scripting vulnerability in Fortinet Fortiportal
Multiple uncontrolled resource consumption vulnerabilities in the web interface of FortiPortal before 6.0.6 may allow a single low-privileged user to induce a denial of service via multiple HTTP requests.
network
low complexity
fortinet CWE-79
6.1
2021-11-02 CVE-2021-32595 Resource Exhaustion vulnerability in Fortinet Fortiportal
Multiple uncontrolled resource consumption vulnerabilities in the web interface of FortiPortal before 6.0.6 may allow a single low-privileged user to induce a denial of service via multiple HTTP requests.
network
low complexity
fortinet CWE-400
6.5
2021-11-02 CVE-2021-36172 XXE vulnerability in Fortinet Fortiportal
An improper restriction of XML external entity reference vulnerability in the parser of XML responses of FortiPortal before 6.0.6 may allow an attacker who controls the producer of XML reports consumed by FortiPortal to trigger a denial of service or read arbitrary files from the underlying file system by means of specifically crafted XML documents.
network
low complexity
fortinet CWE-611
8.1
2021-11-02 CVE-2021-36181 Race Condition vulnerability in Fortinet Fortiportal
A concurrent execution using shared resource with improper Synchronization vulnerability ('Race Condition') in the customer database interface of FortiPortal before 6.0.6 may allow an authenticated, low-privilege user to bring the underlying database data into an inconsistent state via specific coordination of web requests.
network
high complexity
fortinet CWE-362
3.1
2021-08-19 CVE-2021-32602 Cross-site Scripting vulnerability in Fortinet Fortiportal
An improper neutralization of input during web page generation vulnerability (CWE-79) in FortiPortal GUI 6.0.4 and below, 5.3.6 and below, 5.2.6 and below, 5.1.2 and below, 5.0.3 and below, 4.2.2 and below, 4.1.2 and below, 4.0.4 and below may allow a remote and unauthenticated attacker to perform an XSS attack via sending a crafted request with an invalid lang parameter or with an invalid org.springframework.web.servlet.i18n.CookieLocaleResolver.LOCALE value.
network
low complexity
fortinet CWE-79
6.1