Vulnerabilities > Fortinet > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-09-24 CVE-2020-12815 Cross-site Scripting vulnerability in Fortinet Fortianalyzer and Fortitester
An improper neutralization of input vulnerability in FortiTester before 3.9.0 may allow a remote authenticated attacker to inject script related HTML tags via IPv4/IPv6 address fields.
network
low complexity
fortinet CWE-79
5.4
5.4
2020-09-24 CVE-2020-12811 Cross-site Scripting vulnerability in Fortinet Fortianalyzer and Fortimanager
An improper neutralization of script-related HTML tags in a web page in FortiManager 6.2.0, 6.2.1, 6.2.2, and 6.2.3and FortiAnalyzer 6.2.0, 6.2.1, 6.2.2, and 6.2.3 may allow an attacker to execute a cross site scripting (XSS) via the Identify Provider name field.
network
low complexity
fortinet CWE-79
6.1
6.1
2020-09-24 CVE-2020-12818 Unspecified vulnerability in Fortinet Fortios
An insufficient logging vulnerability in FortiGate before 6.4.1 may allow the traffic from an unauthenticated attacker to Fortinet owned IP addresses to go unnoticed.
network
low complexity
fortinet
5.3
5.3
2020-09-24 CVE-2020-12816 Cross-site Scripting vulnerability in Fortinet Fortinac
An improper neutralization of input vulnerability in FortiNAC before 8.7.2 may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the UserID of Admin Users.
network
low complexity
fortinet CWE-79
6.1
6.1
2020-08-14 CVE-2019-5591 Missing Authentication for Critical Function vulnerability in Fortinet Fortios
A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server.
low complexity
fortinet CWE-306
6.5
6.5
2020-06-22 CVE-2020-9288 Cross-site Scripting vulnerability in Fortinet Fortiwlc
An improper neutralization of input vulnerability in FortiWLC 8.5.1 allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the ESS profile or the Radius Profile.
network
low complexity
fortinet CWE-79
5.4
5.4
2020-06-04 CVE-2020-6640 Cross-site Scripting vulnerability in Fortinet Fortianalyzer
An improper neutralization of input vulnerability in the Admin Profile of FortiAnalyzer may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the Description Area.
network
low complexity
fortinet CWE-79
5.4
5.4
2020-06-04 CVE-2019-16150 Use of Hard-coded Credentials vulnerability in Fortinet Forticlient
Use of a hard-coded cryptographic key to encrypt security sensitive data in local storage and configuration in FortiClient for Windows prior to 6.4.0 may allow an attacker with access to the local storage or the configuration backup file to decrypt the sensitive data via knowledge of the hard-coded key.
local
low complexity
fortinet CWE-798
5.5
5.5
2020-06-01 CVE-2019-15709 Improper Input Validation vulnerability in Fortinet Fortiap-S, Fortiap-U and Fortiap-W2
An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below, FortiAP-U 6.0.1 and below CLI admin console may allow unauthorized administrators to overwrite system files via specially crafted tcpdump commands in the CLI.
network
low complexity
fortinet CWE-20
6.5
6.5
2020-04-07 CVE-2020-9286 Unspecified vulnerability in Fortinet Fortiadc Firmware
An improper authorization vulnerability in FortiADC may allow a remote authenticated user with low privileges to perform certain actions such as rebooting the system.
network
low complexity
fortinet
6.5
6.5