Vulnerabilities > Fortinet > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-08-11 CVE-2015-3615 Cross-site Scripting vulnerability in Fortinet Fortimanager Firmware
Cross-site scripting (XSS) vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving unspecified parameters and a privilege escalation attack.
network
low complexity
fortinet CWE-79
5.4
2017-08-10 CVE-2017-7737 Files or Directories Accessible to External Parties vulnerability in Fortinet Fortiweb
An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and below versions allows logged-in admin user to view SNMPv3 user password in cleartext in webui via the HTML source code.
network
low complexity
fortinet CWE-552
4.9
2017-06-01 CVE-2017-3127 Cross-site Scripting vulnerability in Fortinet Fortios
A Cross-Site Scripting vulnerability in Fortinet FortiGate 5.2.0 through 5.2.10 allows attacker to execute unauthorized code or commands via the srcintf parameter during Firewall Policy Creation.
network
low complexity
fortinet CWE-79
6.1
2017-05-27 CVE-2017-7343 Open Redirect vulnerability in Fortinet Fortiportal
An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below allows attacker to execute unauthorized code or commands via the url parameter.
network
low complexity
fortinet CWE-601
6.1
2017-05-27 CVE-2017-7339 Cross-site Scripting vulnerability in Fortinet Fortiportal
A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the 'Name' and 'Description' inputs in the 'Add Revision Backup' functionality.
network
low complexity
fortinet CWE-79
6.1
2017-05-27 CVE-2017-3129 Cross-site Scripting vulnerability in Fortinet Fortiweb
A Cross-Site Scripting vulnerability in Fortinet FortiWeb versions 5.7.1 and below allows attacker to execute unauthorized code or commands via an improperly sanitized POST parameter in the FortiWeb Site Publisher feature.
network
low complexity
fortinet CWE-79
6.1
2017-05-27 CVE-2017-3126 Open Redirect vulnerability in Fortinet Fortianalyzer Firmware and Fortimanager Firmware
An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter.
network
low complexity
fortinet CWE-601
6.1
2017-05-23 CVE-2017-3128 Cross-site Scripting vulnerability in Fortinet Fortios
A stored XSS (Cross-Site-Scripting) vulnerability in Fortinet FortiOS allows attackers to execute unauthorized code or commands via the policy global-label parameter.
network
low complexity
fortinet CWE-79
4.8
2017-04-12 CVE-2017-3125 Cross-site Scripting vulnerability in Fortinet Fortimail
An unauthenticated XSS vulnerability with FortiMail 5.0.0 - 5.2.9 and 5.3.0 - 5.3.8 could allow an attacker to execute arbitrary scripts in the security context of the browser of a victim logged in FortiMail, assuming the victim is social engineered into clicking an URL crafted by the attacker.
network
low complexity
fortinet CWE-79
6.1
2017-03-30 CVE-2016-7542 Information Exposure vulnerability in Fortinet Fortios
A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to read-write administrators password hashes (not including super-admins) stored on the appliance via the webui REST API, and may therefore be able to crack them.
network
low complexity
fortinet CWE-200
4.9