Vulnerabilities > Fortinet > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-13 | CVE-2023-41681 | Cross-site Scripting vulnerability in Fortinet Fortisandbox A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.1 allows attacker to execute unauthorized code or commands via crafted HTTP requests. | 6.1 |
| 2023-10-13 | CVE-2023-41836 | Cross-site Scripting vulnerability in Fortinet Fortisandbox An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.0 and 4.2.0 through 4.2.4, and 4.0.0 through 4.0.4 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.4 through 3.0.7 allows attacker to execute unauthorized code or commands via crafted HTTP requests. | 6.1 |
| 2023-10-13 | CVE-2023-41843 | Cross-site Scripting vulnerability in Fortinet Fortisandbox A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 allows attacker to execute unauthorized code or commands via crafted HTTP requests. | 5.4 |
| 2023-10-10 | CVE-2023-25604 | Information Exposure Through Log Files vulnerability in Fortinet Fortiguest 1.0.0 An insertion of sensitive information into log file vulnerability in Fortinet FortiGuest 1.0.0 allows a local attacker to access plaintext passwords in the RADIUS logs. | 5.5 |
| 2023-10-10 | CVE-2023-33301 | Unspecified vulnerability in Fortinet Fortios An improper access control vulnerability in Fortinet FortiOS 7.2.0 - 7.2.4 and 7.4.0 allows an attacker to access a restricted resource from a non trusted host. | 4.3 |
| 2023-10-10 | CVE-2023-36555 | Cross-site Scripting vulnerability in Fortinet Fortios An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet FortiOS 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via the SAML and Security Fabric components. | 5.4 |
| 2023-10-10 | CVE-2023-36637 | Cross-site Scripting vulnerability in Fortinet Fortimail An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiMail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to inject HTML tags in FortiMail's calendar via input fields. | 5.4 |
| 2023-10-10 | CVE-2023-41675 | Use After Free vulnerability in Fortinet Fortios and Fortiproxy A use after free vulnerability [CWE-416] in FortiOS version 7.2.0 through 7.2.4 and version 7.0.0 through 7.0.10 and FortiProxy version 7.2.0 through 7.2.2 and version 7.0.0 through 7.0.8 may allow an unauthenticated remote attacker to crash the WAD process via multiple crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection. | 5.3 |
| 2023-10-10 | CVE-2023-42782 | Insufficient Verification of Data Authenticity vulnerability in Fortinet Fortianalyzer A insufficient verification of data authenticity vulnerability [CWE-345] in FortiAnalyzer version 7.4.0 and below 7.2.3 allows a remote unauthenticated attacker to send messages to the syslog server of FortiAnalyzer via the knoweldge of an authorized device serial number. | 5.3 |
| 2023-10-10 | CVE-2023-42787 | Unspecified vulnerability in Fortinet Fortianalyzer and Fortimanager A client-side enforcement of server-side security [CWE-602] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 may allow a remote attacker with low privileges to access a privileged web console via client side code execution. | 6.5 |