Vulnerabilities > Watchguard > Fireware > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-06 | CVE-2022-31792 | Cross-site Scripting vulnerability in Watchguard Fireware A stored cross-site scripting (XSS) vulnerability exists in the management web interface of WatchGuard Firebox and XTM appliances. | 5.4 |
| 2022-02-24 | CVE-2022-25290 | Unspecified vulnerability in Watchguard Fireware WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to retrieve certificate private keys. | 6.5 |
| 2022-02-24 | CVE-2022-25363 | Out-of-bounds Write vulnerability in Watchguard Fireware WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to modify privileged management user credentials. | 6.5 |
| 2019-08-23 | CVE-2016-6154 | Open Redirect vulnerability in Watchguard Fireware The authentication applet in Watchguard Fireware 11.11 Operating System has reflected XSS (this can also cause an open redirect). | 6.1 |
| 2017-09-20 | CVE-2017-14615 | Cross-site Scripting vulnerability in Watchguard Fireware An FBX-5313 issue was discovered in WatchGuard Fireware before 12.0. | 6.1 |
| 2017-04-22 | CVE-2017-8056 | XXE vulnerability in Watchguard Fireware 11.0.2/11.1/11.2.1 WatchGuard Fireware v11.12.1 and earlier mishandles requests referring to an XML External Entity (XXE), in the XML-RPC agent. | 5.3 |
| 2017-04-22 | CVE-2017-8055 | Information Exposure Through Discrepancy vulnerability in Watchguard Fireware 11.0.2/11.1/11.2.1 WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. | 5.3 |