Vulnerabilities > Fortinet > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-11-13 CVE-2017-7739 Cross-site Scripting vulnerability in Fortinet Fortios
A reflected Cross-site Scripting (XSS) vulnerability in web proxy disclaimer response web pages in Fortinet FortiOS 5.6.0, 5.4.0 to 5.4.5, 5.2.0 to 5.2.11 allows an unauthenticated attacker to inject arbitrary web script or HTML in the context of the victim's browser via sending a maliciously crafted URL to the victim.
network
low complexity
fortinet CWE-79
6.1
2017-10-27 CVE-2017-7733 Cross-site Scripting vulnerability in Fortinet Fortios
A Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 and 5.6.0 allows a remote unauthenticated attacker to execute arbitrary javascript code via webUI "Login Disclaimer" redir parameter.
network
low complexity
fortinet CWE-79
6.1
2017-10-27 CVE-2017-14182 Improper Input Validation vulnerability in Fortinet Fortios
A Denial of Service (DoS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 allows an authenticated user to cause the web GUI to be temporarily unresponsive, via passing a specially crafted payload to the 'params' parameter of the JSON web API.
network
low complexity
fortinet CWE-20
6.5
2017-10-26 CVE-2017-7732 Cross-site Scripting vulnerability in Fortinet Fortimail
A reflected Cross-Site Scripting (XSS) vulnerability in Fortinet FortiMail 5.1 and earlier, 5.2.0 through 5.2.9, and 5.3.0 through 5.3.9 customized pre-authentication webmail login page allows attacker to inject arbitrary web script or HTML via crafted HTTP requests.
network
low complexity
fortinet CWE-79
6.1
2017-10-26 CVE-2017-7335 Cross-site Scripting vulnerability in Fortinet Fortiwlc
A Cross-Site Scripting (XSS) vulnerability in Fortinet FortiWLC 6.1-x (6.1-2, 6.1-4 and 6.1-5); 7.0-x (7.0-7, 7.0-8, 7.0-9, 7.0-10); and 8.x (8.0, 8.1, 8.2 and 8.3.0-8.3.2) allows an authenticated user to inject arbitrary web script or HTML via non-sanitized parameters "refresh" and "branchtotable" present in HTTP POST requests.
network
low complexity
fortinet CWE-79
5.4
2017-09-12 CVE-2017-7735 Cross-site Scripting vulnerability in Fortinet Fortios
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2.0 through 5.2.11 and 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via the "Groups" input while creating or editing User Groups.
network
low complexity
fortinet CWE-79
5.4
2017-09-12 CVE-2017-7734 Cross-site Scripting vulnerability in Fortinet Fortios
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via 'Comments' while saving Config Revisions.
network
low complexity
fortinet CWE-79
5.4
2017-09-12 CVE-2017-3133 Cross-site Scripting vulnerability in Fortinet Fortios
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN.
network
low complexity
fortinet CWE-79
6.1
2017-09-12 CVE-2017-3132 Cross-site Scripting vulnerability in Fortinet Fortios
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken.
network
low complexity
fortinet CWE-79
6.1
2017-09-12 CVE-2017-3131 Cross-site Scripting vulnerability in Fortinet Fortios
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allows attackers to execute unauthorized code or commands via the filter input in "Applications" under FortiView.
network
low complexity
fortinet CWE-79
5.4