Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-04-07	CVE-2020-6647	Cross-site Scripting vulnerability in Fortinet Fortiadc Firmware An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross site scripting attack (XSS) via the name parameter. network low complexity fortinet CWE-79	5.4
2020-03-17	CVE-2020-6646	Cross-site Scripting vulnerability in Fortinet Fortiweb An improper neutralization of input vulnerability in FortiWeb allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the Disclaimer Description of a Replacement Message. network low complexity fortinet CWE-79	5.4
2020-03-15	CVE-2019-6696	Open Redirect vulnerability in Fortinet Fortios An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, 6.0.8 and below until 5.4.0 under admin webUI may allow an attacker to perform an URL redirect attack via a specifically crafted request to the admin initial password change webpage. network low complexity fortinet CWE-601	6.1
2020-03-15	CVE-2019-15708	OS Command Injection vulnerability in Fortinet products A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below, FortiAP 6.0.5 and below and FortiAP-U below 6.0.0 under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands. local low complexity fortinet CWE-78	6.7
2020-03-13	CVE-2019-6699	Cross-site Scripting vulnerability in Fortinet Fortiadc An improper neutralization of input vulnerability in Fortinet FortiADC 5.3.3 and earlier may allow an attacker to execute a stored Cross Site Scripting (XSS) via a field in the traffic group interface. network low complexity fortinet CWE-79	5.4
2020-03-13	CVE-2019-16157	Information Exposure Through Log Files vulnerability in Fortinet Fortiweb An information exposure vulnerability in Fortinet FortiWeb 6.2.0 CLI and earlier may allow an authenticated user to view sensitive information being logged via diagnose debug commands. network low complexity fortinet CWE-532	6.5
2020-03-12	CVE-2020-6643	Cross-site Scripting vulnerability in Fortinet Fortiisolator An improper neutralization of input vulnerability in the URL Description in Fortinet FortiIsolator version 1.2.2 allows a remote authenticated attacker to perform a cross site scripting attack (XSS). network low complexity fortinet CWE-79	5.4
2020-03-12	CVE-2019-16156	Cross-site Scripting vulnerability in Fortinet Fortiweb An Improper Neutralization of Input vulnerability in the Anomaly Detection Parameter Name in Fortinet FortiWeb 6.0.5, 6.2.0, and 6.1.1 may allow a remote unauthenticated attacker to perform a Cross Site Scripting attack (XSS). network low complexity fortinet CWE-79	6.1
2020-02-06	CVE-2019-17652	Out-of-bounds Write vulnerability in Fortinet Forticlient A stack buffer overflow vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to cause FortiClient processes running under root priviledge crashes via sending specially crafted "StartAvCustomScan" type IPC client requests to the fctsched process due the argv data not been well sanitized. network low complexity fortinet CWE-787	6.5
2020-02-06	CVE-2019-16152	Improper Input Validation vulnerability in Fortinet Forticlient A Denial of service (DoS) vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to cause FortiClient processes running under root privilege crashes via sending specially crafted IPC client requests to the fctsched process due the nanomsg not been correctly validated. network low complexity fortinet CWE-20	6.5