Vulnerabilities > Fortinet > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-04 | CVE-2020-6640 | Cross-site Scripting vulnerability in Fortinet Fortianalyzer An improper neutralization of input vulnerability in the Admin Profile of FortiAnalyzer may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the Description Area. | 5.4 |
| 2020-06-04 | CVE-2019-16150 | Use of Hard-coded Credentials vulnerability in Fortinet Forticlient Use of a hard-coded cryptographic key to encrypt security sensitive data in local storage and configuration in FortiClient for Windows prior to 6.4.0 may allow an attacker with access to the local storage or the configuration backup file to decrypt the sensitive data via knowledge of the hard-coded key. | 5.5 |
| 2020-06-01 | CVE-2019-15709 | Improper Input Validation vulnerability in Fortinet Fortiap-S, Fortiap-U and Fortiap-W2 An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below, FortiAP-U 6.0.1 and below CLI admin console may allow unauthorized administrators to overwrite system files via specially crafted tcpdump commands in the CLI. | 6.5 |
| 2020-04-07 | CVE-2020-9286 | Unspecified vulnerability in Fortinet Fortiadc Firmware An improper authorization vulnerability in FortiADC may allow a remote authenticated user with low privileges to perform certain actions such as rebooting the system. | 6.5 |
| 2020-04-07 | CVE-2020-6647 | Cross-site Scripting vulnerability in Fortinet Fortiadc Firmware An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross site scripting attack (XSS) via the name parameter. | 5.4 |
| 2020-03-17 | CVE-2020-6646 | Cross-site Scripting vulnerability in Fortinet Fortiweb An improper neutralization of input vulnerability in FortiWeb allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the Disclaimer Description of a Replacement Message. | 5.4 |
| 2020-03-15 | CVE-2019-6696 | Open Redirect vulnerability in Fortinet Fortios An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, 6.0.8 and below until 5.4.0 under admin webUI may allow an attacker to perform an URL redirect attack via a specifically crafted request to the admin initial password change webpage. | 6.1 |
| 2020-03-15 | CVE-2019-15708 | OS Command Injection vulnerability in Fortinet products A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below, FortiAP 6.0.5 and below and FortiAP-U below 6.0.0 under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands. | 6.7 |
| 2020-03-13 | CVE-2019-6699 | Cross-site Scripting vulnerability in Fortinet Fortiadc An improper neutralization of input vulnerability in Fortinet FortiADC 5.3.3 and earlier may allow an attacker to execute a stored Cross Site Scripting (XSS) via a field in the traffic group interface. | 5.4 |
| 2020-03-13 | CVE-2019-16157 | Information Exposure Through Log Files vulnerability in Fortinet Fortiweb An information exposure vulnerability in Fortinet FortiWeb 6.2.0 CLI and earlier may allow an authenticated user to view sensitive information being logged via diagnose debug commands. | 6.5 |