Vulnerabilities > Fortinet > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-08-11 | CVE-2015-3615 | Cross-site Scripting vulnerability in Fortinet Fortimanager Firmware Cross-site scripting (XSS) vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving unspecified parameters and a privilege escalation attack. | 5.4 |
2017-08-10 | CVE-2017-7737 | Files or Directories Accessible to External Parties vulnerability in Fortinet Fortiweb An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and below versions allows logged-in admin user to view SNMPv3 user password in cleartext in webui via the HTML source code. | 4.9 |
2017-06-01 | CVE-2017-3127 | Cross-site Scripting vulnerability in Fortinet Fortios A Cross-Site Scripting vulnerability in Fortinet FortiGate 5.2.0 through 5.2.10 allows attacker to execute unauthorized code or commands via the srcintf parameter during Firewall Policy Creation. | 6.1 |
2017-05-27 | CVE-2017-7343 | Open Redirect vulnerability in Fortinet Fortiportal An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below allows attacker to execute unauthorized code or commands via the url parameter. | 6.1 |
2017-05-27 | CVE-2017-7339 | Cross-site Scripting vulnerability in Fortinet Fortiportal A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the 'Name' and 'Description' inputs in the 'Add Revision Backup' functionality. | 6.1 |
2017-05-27 | CVE-2017-3129 | Cross-site Scripting vulnerability in Fortinet Fortiweb A Cross-Site Scripting vulnerability in Fortinet FortiWeb versions 5.7.1 and below allows attacker to execute unauthorized code or commands via an improperly sanitized POST parameter in the FortiWeb Site Publisher feature. | 6.1 |
2017-05-27 | CVE-2017-3126 | Open Redirect vulnerability in Fortinet Fortianalyzer Firmware and Fortimanager Firmware An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter. | 6.1 |
2017-05-23 | CVE-2017-3128 | Cross-site Scripting vulnerability in Fortinet Fortios A stored XSS (Cross-Site-Scripting) vulnerability in Fortinet FortiOS allows attackers to execute unauthorized code or commands via the policy global-label parameter. | 4.8 |
2017-04-12 | CVE-2017-3125 | Cross-site Scripting vulnerability in Fortinet Fortimail An unauthenticated XSS vulnerability with FortiMail 5.0.0 - 5.2.9 and 5.3.0 - 5.3.8 could allow an attacker to execute arbitrary scripts in the security context of the browser of a victim logged in FortiMail, assuming the victim is social engineered into clicking an URL crafted by the attacker. | 6.1 |
2017-03-30 | CVE-2016-7542 | Information Exposure vulnerability in Fortinet Fortios A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to read-write administrators password hashes (not including super-admins) stored on the appliance via the webui REST API, and may therefore be able to crack them. | 4.9 |