Vulnerabilities > Fortinet > Low

DATE CVE VULNERABILITY TITLE RISK
2016-10-07 CVE-2015-7363 Cross-site Scripting vulnerability in Fortinet Fortianalyzer Firmware and Fortimanager Firmware
Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters.
network
fortinet CWE-79
3.5
3.5
2016-08-19 CVE-2016-3193 Cross-site Scripting vulnerability in Fortinet Fortianalyzer Firmware and Fortimanager Firmware
Cross-site scripting (XSS) vulnerability in the appliance web-application in Fortinet FortiManager 5.x before 5.0.12, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 and FortiAnalyzer 5.x before 5.0.13, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
fortinet CWE-79
3.5
3.5
2016-08-05 CVE-2016-3196 Cross-site Scripting vulnerability in Fortinet Fortianalyzer Firmware and Fortimanager Firmware
Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an image uploaded in the report section.
network
fortinet CWE-79
3.5
3.5
2015-09-03 CVE-2015-4077 Information Exposure vulnerability in Fortinet Forticlient
The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to read arbitrary kernel memory via a 0x22608C ioctl call.
local
low complexity
fortinet CWE-200
2.1
2.1
2015-02-02 CVE-2015-1451 Cross-site Scripting vulnerability in Fortinet Fortios 5.0.7
Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.0 Patch 7 build 4457 allow remote authenticated users to inject arbitrary web script or HTML via the (1) WTP Name or (2) WTP Active Software Version field in a CAPWAP Join request.
network
fortinet CWE-79
3.5
3.5
2014-02-04 CVE-2014-1458 Cross-Site Scripting vulnerability in Fortinet Fortiweb
Cross-site scripting (XSS) vulnerability in the web administration interface in FortiGuard FortiWeb 5.0.3 and earlier allows remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors.
network
fortinet CWE-79
3.5
3.5