12 results (0.014 seconds)

CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0

A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature. Una vulnerabilidad de Cross-Site Scripting (XSS) en Fortinet FortiManager 6.0.0, 5.6.4 y anteriores y FortiAnalyzer 6.0.0, 5.6.4 y anteriores permite inyectar código JavaScript y etiquetas HTML mediante el valor CN de los certificados CA y CRL mediante la característica de importación de certificados CA y CRL. • http://www.securitytracker.com/id/1041246 http://www.securitytracker.com/id/1041247 https://fortiguard.com/advisory/FG-IR-17-305 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0

Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow local users to gain privileges via crafted CLI commands. Fortinet FortiManager 5.0 en versiones anteriores a la 5.0.11 y 5.2 en versiones anteriores a la 5.2.2 permite que usuarios locales obtengan privilegios mediante comandos CLI manipulados. • http://www.securityfocus.com/bid/74444 http://www.securitytracker.com/id/1032188 https://fortiguard.com/psirt/FG-IR-15-011 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 0%CPEs: 19EXPL: 0

Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to obtain arbitrary files via vectors involving another unspecified vulnerability. Fortinet FortiManager en sus versiones 5.0.x anteriores a la 5.0.11, y en versiones 5.2.x anteriores a la 5.2.2 permite que atacantes remotos obtengan archivos arbitrarios mediante vectores que implican otra vulnerabilidad sin especificar. • http://www.securityfocus.com/bid/74444 http://www.securitytracker.com/id/1032188 https://fortiguard.com/psirt/FG-IR-15-011 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.8EPSS: 0%CPEs: 19EXPL: 0

SQL injection vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to execute arbitrary commands via unspecified parameters. Una vulnerabilidad de inyección SQL en Fortinet FortiManager en sus versiones 5.0.x anteriores a la 5.0.11, y versiones 5.2.x anteriores a la 5.2.2 permite que atacantes remotos ejecuten comandos arbitrarios mediante parámetros sin especificar. • http://www.securityfocus.com/bid/74444 http://www.securitytracker.com/id/1032188 https://fortiguard.com/psirt/FG-IR-15-011 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.4EPSS: 0%CPEs: 32EXPL: 0

Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters. Vulnerabilidad de XSS en la página de configuración avanzada en Fortinet FortiManager 5.x en versiones anteriores a 5.0.12 y 5.2.x en versiones anteriores a 5.2.3, en los modelos de hardware con un disco duro y FortiAnalyzer 5.x en versiones anteriores a 5.0.13 y 5.2.x en versiones anteriores a 5.2.3 permite a administradores remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores relacionados con filtros de informe. • http://fortiguard.com/advisory/fortianalyzer-and-fortimanager-stored-xss-vulnerability-in-report-filters http://www.securityfocus.com/bid/93413 http://www.securitytracker.com/id/1036981 http://www.securitytracker.com/id/1036982 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •