Vulnerabilities > Fortinet > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-24 | CVE-2020-12815 | Cross-site Scripting vulnerability in Fortinet Fortianalyzer An improper neutralization of input vulnerability in FortiTester before 3.9.0 may allow a remote authenticated attacker to inject script related HTML tags via IPv4/IPv6 address fields. | 3.5 |
| 2020-06-22 | CVE-2020-9288 | Cross-site Scripting vulnerability in Fortinet Fortiwlc An improper neutralization of input vulnerability in FortiWLC 8.5.1 allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the ESS profile or the Radius Profile. | 3.5 |
| 2020-06-04 | CVE-2020-6640 | Cross-site Scripting vulnerability in Fortinet Fortianalyzer An improper neutralization of input vulnerability in the Admin Profile of FortiAnalyzer may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the Description Area. | 3.5 |
| 2020-04-07 | CVE-2020-6647 | Cross-site Scripting vulnerability in Fortinet Fortiadc Firmware An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross site scripting attack (XSS) via the name parameter. | 3.5 |
| 2020-03-17 | CVE-2020-6646 | Cross-site Scripting vulnerability in Fortinet Fortiweb An improper neutralization of input vulnerability in FortiWeb allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the Disclaimer Description of a Replacement Message. | 3.5 |
| 2020-03-13 | CVE-2019-6699 | Cross-site Scripting vulnerability in Fortinet Fortiadc An improper neutralization of input vulnerability in Fortinet FortiADC 5.3.3 and earlier may allow an attacker to execute a stored Cross Site Scripting (XSS) via a field in the traffic group interface. | 3.5 |
| 2020-03-12 | CVE-2020-6643 | Cross-site Scripting vulnerability in Fortinet Fortiisolator An improper neutralization of input vulnerability in the URL Description in Fortinet FortiIsolator version 1.2.2 allows a remote authenticated attacker to perform a cross site scripting attack (XSS). | 3.5 |
| 2020-02-04 | CVE-2015-3612 | Cross-site Scripting vulnerability in Fortinet Fortimanager A Cross-site Scripting (XSS) vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier via an unspecified parameter in the FortiWeb auto update service page. | 3.5 |
| 2020-01-28 | CVE-2019-17651 | Cross-site Scripting vulnerability in Fortinet Fortisiem An Improper Neutralization of Input vulnerability in the description and title parameters of a Device Maintenance Schedule in FortiSIEM version 5.2.5 and below may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious JavaScript code into the description field of a Device Maintenance schedule. | 3.5 |
| 2020-01-23 | CVE-2019-5593 | Incorrect Default Permissions vulnerability in Fortinet Fortios Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plaint text private keys of system's builtin local certificates via unsetting the keys encryption password in FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and below or for user uploaded local certificates via setting an empty password in FortiOS 6.2.1, 6.2.0, 6.0.6 and below. | 2.1 |