Vulnerabilities > Fortinet > Fortiweb > 6.0.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-28 | CVE-2019-5590 | Cross-site Scripting vulnerability in Fortinet Fortiweb The URL part of the report message is not encoded in Fortinet FortiWeb 6.0.2 and below which may allow an attacker to execute unauthorized code or commands (Cross Site Scripting) via attack reports generated in HTML form. | 6.1 |
| 2018-03-20 | CVE-2017-14191 | Unspecified vulnerability in Fortinet Fortiweb An Improper Access Control vulnerability in Fortinet FortiWeb 5.6.0 up to but not including 6.1.0 under "Signed Security Mode", allows attacker to bypass the signed user cookie protection by removing the FortiWeb own protection session cookie. | 5.9 |