Vulnerabilities > Fortinet > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-03-13 CVE-2019-6699 Cross-site Scripting vulnerability in Fortinet Fortiadc
An improper neutralization of input vulnerability in Fortinet FortiADC 5.3.3 and earlier may allow an attacker to execute a stored Cross Site Scripting (XSS) via a field in the traffic group interface.
network
low complexity
fortinet CWE-79
5.4
2020-03-13 CVE-2019-16157 Information Exposure Through Log Files vulnerability in Fortinet Fortiweb
An information exposure vulnerability in Fortinet FortiWeb 6.2.0 CLI and earlier may allow an authenticated user to view sensitive information being logged via diagnose debug commands.
network
low complexity
fortinet CWE-532
6.5
2020-03-12 CVE-2020-6643 Cross-site Scripting vulnerability in Fortinet Fortiisolator
An improper neutralization of input vulnerability in the URL Description in Fortinet FortiIsolator version 1.2.2 allows a remote authenticated attacker to perform a cross site scripting attack (XSS).
network
low complexity
fortinet CWE-79
5.4
2020-03-12 CVE-2019-16156 Cross-site Scripting vulnerability in Fortinet Fortiweb
An Improper Neutralization of Input vulnerability in the Anomaly Detection Parameter Name in Fortinet FortiWeb 6.0.5, 6.2.0, and 6.1.1 may allow a remote unauthenticated attacker to perform a Cross Site Scripting attack (XSS).
network
low complexity
fortinet CWE-79
6.1
2020-02-06 CVE-2019-17652 Out-of-bounds Write vulnerability in Fortinet Forticlient
A stack buffer overflow vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to cause FortiClient processes running under root priviledge crashes via sending specially crafted "StartAvCustomScan" type IPC client requests to the fctsched process due the argv data not been well sanitized.
network
low complexity
fortinet CWE-787
6.5
2020-02-06 CVE-2019-16152 Improper Input Validation vulnerability in Fortinet Forticlient
A Denial of service (DoS) vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to cause FortiClient processes running under root privilege crashes via sending specially crafted IPC client requests to the fctsched process due the nanomsg not been correctly validated.
network
low complexity
fortinet CWE-20
6.5
2020-02-04 CVE-2015-3612 Cross-site Scripting vulnerability in Fortinet Fortimanager
A Cross-site Scripting (XSS) vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier via an unspecified parameter in the FortiWeb auto update service page.
network
low complexity
fortinet CWE-79
5.4
2020-01-28 CVE-2019-17651 Cross-site Scripting vulnerability in Fortinet Fortisiem
An Improper Neutralization of Input vulnerability in the description and title parameters of a Device Maintenance Schedule in FortiSIEM version 5.2.5 and below may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious JavaScript code into the description field of a Device Maintenance schedule.
network
low complexity
fortinet CWE-79
5.4
2020-01-23 CVE-2019-15707 Unspecified vulnerability in Fortinet Fortimail
An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to perform system backup config download they should not be authorized for.
network
low complexity
fortinet
4.9
2020-01-23 CVE-2019-5593 Improper Handling of Exceptional Conditions vulnerability in Fortinet Fortios
Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plaint text private keys of system's builtin local certificates via unsetting the keys encryption password in FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and below or for user uploaded local certificates via setting an empty password in FortiOS 6.2.1, 6.2.0, 6.0.6 and below.
local
low complexity
fortinet CWE-755
5.5