Vulnerabilities > Fortinet > Low

DATE CVE VULNERABILITY TITLE RISK
2019-10-24 CVE-2019-15703 Insufficient Entropy vulnerability in Fortinet FortiOS
An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1, 6.2.0, 6.0.8 and below, on devices that do not enable the hardware TRNG token and models that do not support a built-in TRNG seed, allows an attacker to theoretically recover the long-term ECDSA secret in a TLS client with an RSA handshake and mutual ECDSA authentication with the help of flush+reload side-channel attacks, in FortiGate VM models only.
network
high complexity
fortinet CWE-331
2.6
2018-06-28 CVE-2018-1351 Cross-site Scripting vulnerability in Fortinet FortiManager
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.6 and below versions allows an attacker to execute HTML/JavaScript code via managed remote devices' CLI commands by viewing the remote device CLI config installation log.
network
fortinet CWE-79
3.5
2017-11-29 CVE-2017-14186 Cross-site Scripting vulnerability in Fortinet FortiOS
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions under SSL VPN web portal allows a remote user to inject arbitrary web script or HTML in the context of the victim's browser via the login redir parameter.
network
fortinet CWE-79
3.5
2017-11-22 CVE-2017-7736 Cross-site Scripting vulnerability in Fortinet FortiWeb
A stored Cross-site Scripting (XSS) vulnerability in the Fortinet FortiWeb webUI Certificate View page in 5.8.0, 5.7.1 and earlier allows attackers to inject arbitrary web script or HTML via import of a specially crafted malicious certificate.
network
fortinet CWE-79
3.5
2017-10-26 CVE-2017-7335 Cross-site Scripting vulnerability in Fortinet FortiWLC
A Cross-Site Scripting (XSS) vulnerability in Fortinet FortiWLC 6.1-x (6.1-2, 6.1-4 and 6.1-5); 7.0-x (7.0-7, 7.0-8, 7.0-9, 7.0-10); and 8.x (8.0, 8.1, 8.2 and 8.3.0-8.3.2) allows an authenticated user to inject arbitrary web script or HTML via non-sanitized parameters "refresh" and "branchtotable" present in HTTP POST requests.
network
fortinet CWE-79
3.5
2017-09-12 CVE-2017-3131 Cross-site Scripting vulnerability in Fortinet FortiOS
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allows attackers to execute unauthorized code or commands via the filter input in "Applications" under FortiView.
network
fortinet CWE-79
3.5
2017-09-12 CVE-2017-7734 Cross-site Scripting vulnerability in Fortinet FortiOS
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via 'Comments' while saving Config Revisions.
network
fortinet CWE-79
3.5
2017-09-12 CVE-2017-7735 Cross-site Scripting vulnerability in Fortinet FortiOS
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2.0 through 5.2.11 and 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via the "Groups" input while creating or editing User Groups.
network
fortinet CWE-79
3.5
2017-08-11 CVE-2015-3615 Cross-site Scripting vulnerability in Fortinet FortiManager Firmware
Cross-site scripting (XSS) vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving unspecified parameters and a privilege escalation attack.
network
fortinet CWE-79
3.5
2017-05-23 CVE-2017-3128 Cross-site Scripting vulnerability in Fortinet FortiOS
A stored XSS (Cross-Site-Scripting) vulnerability in Fortinet FortiOS allows attackers to execute unauthorized code or commands via the policy global-label parameter.
network
fortinet CWE-79
3.5