Vulnerabilities > Fortinet
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-05-08 | CVE-2014-3115 | Cross-Site Request Forgery (CSRF) vulnerability in Fortinet Fortiweb Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Fortinet FortiWeb before 5.2.0 allow remote attackers to hijack the authentication of administrators via system/config/adminadd and other unspecified vectors. | 6.8 |
| 2014-04-30 | CVE-2014-1957 | Permissions, Privileges, and Access Controls vulnerability in Fortinet Fortiweb FortiGuard FortiWeb before 5.0.3 allows remote authenticated users to gain privileges via unspecified vectors. | 6.5 |
| 2014-04-30 | CVE-2014-1956 | Unspecified vulnerability in Fortinet Fortiweb CRLF injection vulnerability in FortiGuard FortiWeb before 5.0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | 5.0 |
| 2014-04-30 | CVE-2014-1955 | Cross-Site Scripting vulnerability in Fortinet Fortiweb Cross-site scripting (XSS) vulnerability in FortiGuard FortiWeb before 5.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2014-04-30 | CVE-2013-6990 | Permissions, Privileges, and Access Controls vulnerability in Fortinet Fortiauthenticator FortiGuard FortiAuthenticator before 3.0 allows remote administrators to gain privileges via the command line interface. | 9.0 |
| 2014-04-10 | CVE-2014-0331 | Cross-Site Scripting vulnerability in Fortinet products Cross-site scripting (XSS) vulnerability in the web administration interface in FortiADC with firmware before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the locale parameter to gui_partA/. | 4.3 |
| 2014-02-04 | CVE-2014-1458 | Cross-Site Scripting vulnerability in Fortinet Fortiweb Cross-site scripting (XSS) vulnerability in the web administration interface in FortiGuard FortiWeb 5.0.3 and earlier allows remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
| 2014-02-04 | CVE-2013-7182 | Cross-Site Scripting vulnerability in Fortinet Fortios 5.0.5 Cross-site scripting (XSS) vulnerability in firewall/schedule/recurrdlg in Fortinet FortiOS 5.0.5 allows remote attackers to inject arbitrary web script or HTML via the mkey parameter. | 4.3 |
| 2014-02-04 | CVE-2013-7181 | Cross-Site Scripting vulnerability in Fortinet Fortiweb 5.0.3 Cross-site scripting (XSS) vulnerability in user/ldap_user/add in Fortinet FortiOS 5.0.3 allows remote attackers to inject arbitrary web script or HTML via the filter parameter. | 4.3 |
| 2013-11-20 | CVE-2013-6826 | Cross-Site Request Forgery (CSRF) vulnerability in Fortinet products cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks. | 6.8 |