Vulnerabilities > Fortinet > Fortiweb > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-27 | CVE-2023-22636 | Unspecified vulnerability in Fortinet Fortiweb An unauthorized configuration download vulnerability in FortiWeb 6.3.6 through 6.3.21, 6.4.0 through 6.4.2 and 7.0.0 through 7.0.4 may allow a local attacker to access confidential configuration files via a crafted http request. | 3.3 |
| 2021-10-06 | CVE-2021-36175 | Cross-site Scripting vulnerability in Fortinet Fortiweb An improper neutralization of input vulnerability [CWE-79] in FortiWebManager versions 6.2.3 and below, 6.0.2 and below may allow a remote authenticated attacker to inject malicious script/tags via the name/description/comments parameter of various sections of the device. | 3.5 |
| 2020-03-17 | CVE-2020-6646 | Cross-site Scripting vulnerability in Fortinet Fortiweb An improper neutralization of input vulnerability in FortiWeb allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the Disclaimer Description of a Replacement Message. | 3.5 |
| 2017-11-22 | CVE-2017-7736 | Cross-site Scripting vulnerability in Fortinet Fortiweb A stored Cross-site Scripting (XSS) vulnerability in Fortinet FortiWeb webUI Certificate View page in 5.8.0, 5.7.1 and earlier, allows attackers to inject arbitrary web script or HTML via special crafted malicious certificate import. | 3.5 |
| 2014-02-04 | CVE-2014-1458 | Cross-Site Scripting vulnerability in Fortinet Fortiweb Cross-site scripting (XSS) vulnerability in the web administration interface in FortiGuard FortiWeb 5.0.3 and earlier allows remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |