CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2017-17541
https://notcve.org/view.php?id=CVE-2017-17541
16 Jul 2018 — A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature. Una vulnerabilidad de Cross-Site Scripting (XSS) en Fortinet FortiManager 6.0.0, 5.6.4 y anteriores y FortiAnalyzer 6.0.0, 5.6.4 y anteriores permite inyectar código JavaScript y etiquetas HTML mediante el valor CN de los cer... • http://www.securitytracker.com/id/1041246 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.4EPSS: 0%CPEs: 18EXPL: 0CVE-2016-8495
https://notcve.org/view.php?id=CVE-2016-8495
13 Feb 2017 — An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows remote attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack via the Fortisandbox devices probing feature. Una vulnerabilidad de validación de certificado incorrecto en Fortinet FortiManager 5.0.6 hasta la versión 5.2.7 y 5.4.0 hasta la versión 5.4.1 permite a atacantes remotos suplantar una entidad de confianza utilizando un ataque man-in-the-middle (MITM) a t... • http://www.securityfocus.com/bid/96157 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 32EXPL: 0CVE-2015-7363
https://notcve.org/view.php?id=CVE-2015-7363
07 Oct 2016 — Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters. Vulnerabilidad de XSS en la página de configuración avanzada en Fortinet FortiManager 5.x en versiones anteriores a 5.0.12 y 5.2.x en versiones anteriores a 5.2.3, en los ... • http://fortiguard.com/advisory/fortianalyzer-and-fortimanager-stored-xss-vulnerability-in-report-filters • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 38EXPL: 0CVE-2016-3193
https://notcve.org/view.php?id=CVE-2016-3193
19 Aug 2016 — Cross-site scripting (XSS) vulnerability in the appliance web-application in Fortinet FortiManager 5.x before 5.0.12, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 and FortiAnalyzer 5.x before 5.0.13, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la aplicación web del dispositivo en Fortinet FortiManager 5.x en versiones anteriores a 5.0.12, 5.2.x en versiones anteriores a 5.2.6 y 5.4.x en ve... • http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability-1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 36EXPL: 0CVE-2016-3194
https://notcve.org/view.php?id=CVE-2016-3194
19 Aug 2016 — Cross-site scripting (XSS) vulnerability in the address added page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la página de dirección de agregado en Fortinet FortiManager 5.x en versiones anteriores a 5.0.12 y 5.2.x en versiones anteriores a 5.2.6 y FortiAnalyzer 5.x en versiones anteriores a 5.0.13 y 5.2.x en versio... • http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-xss-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 36EXPL: 0CVE-2016-3195
https://notcve.org/view.php?id=CVE-2016-3195
19 Aug 2016 — Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la Web-UI en Fortinet FortiManager 5.x en versiones anteriores a 5.0.12 y 5.2.x en versiones anteriores a 5.2.6 y FortiAnalyzer 5.x en versiones anteriores a 5.0.13 y 5.2.x en versiones anteriores a 5.2.6 permite a atac... • http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-client-side-xss-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 25EXPL: 0CVE-2016-3196
https://notcve.org/view.php?id=CVE-2016-3196
05 Aug 2016 — Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an image uploaded in the report section. Vulnerabilidad de XSS en Fortinet FortiAnalyzer 5.x en versiones anteriores a 5.0.12 y 5.2.x en versiones anteriores a 5.2.6 y FortiManager 5.x en versiones anteriores a 5.0.12 y 5.2.x en versiones anteriores a 5... • http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 2CVE-2015-8037 – FortiManager 5.2.2 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-8037
25 Sep 2015 — Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SOMVpnSSLPortalDialog or (2) FGDMngUpdHistory. Múltiples vulnerabilidades de XSS en la Graphical User Interface (GUI) en Fortinet FortiManager en versiones anteriores a 5.2.4 permiten a atacantes remotos inyectar secuencias de comandos web o HTML a través de (1) SOMVpnSSLPortalDialog o (2) FGDMngUpdHistory. F... • https://packetstorm.news/files/id/133706 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 2CVE-2015-8038 – FortiManager 5.2.2 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-8038
25 Sep 2015 — Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) sharedjobmanager or (2) SOMServiceObjDialog. Múltiples vulnerabilidades de XSS en la Graphical User Interface (GUI) en Fortinet FortiManager en versiones anteriores a 5.2.4 permiten a atacantes remotos inyectar comandos web arbitrarios o HTML a través de (1) sharedjobmanager o (2) SOMServiceObjDialog. FortiMa... • https://packetstorm.news/files/id/133706 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •