CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-3129
https://notcve.org/view.php?id=CVE-2017-3129
A Cross-Site Scripting vulnerability in Fortinet FortiWeb versions 5.7.1 and below allows attacker to execute unauthorized code or commands via an improperly sanitized POST parameter in the FortiWeb Site Publisher feature. Una vulnerabilidad de tipo Cross-Site Scripting en FortiWeb, versiones 5.7.1 y anteriores de Fortinet, permite a un atacante ejecutar código o comandos no autorizados por medio de un parámetro POST saneado inapropiadamente en la funcionalidad FortiWeb Site Publisher. • http://www.securityfocus.com/bid/98382 https://fortiguard.com/psirt/FG-IR-17-076 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4066
https://notcve.org/view.php?id=CVE-2016-4066
Cross-site request forgery (CSRF) vulnerability in Fortinet FortiWeb before 5.5.3 allows remote attackers to hijack the authentication of administrators for requests that change the password via unspecified vectors. Vulnerabilidad de CSRF en Fortinet FortiWeb en versiones anteriores a 5.5.3 permite a atacantes remotos secuestrar la autenticación de administradores para peticiones de cambio de contraseña a través de vectores no especificados. • http://fortiguard.com/advisory/fortiweb-csrf-vulnerability http://www.securityfocus.com/bid/91768 http://www.securitytracker.com/id/1036194 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5092
https://notcve.org/view.php?id=CVE-2016-5092
Directory traversal vulnerability in Fortinet FortiWeb before 5.5.3 allows remote authenticated administrators with read and write privileges to read arbitrary files by leveraging the autolearn feature. Vulnerabilidad de salto de directorio en Fortinet FortiWeb en versiones anteriores a 5.5.3 permite a administradores remotos autenticados con privilegios de lectura y escritura leer archivos arbitrarios mediante el aprovechamiento de una función de aprendizaje automático. • http://fortiguard.com/advisory/fortiweb-path-traversal-vulnerability • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0CVE-2014-8619
https://notcve.org/view.php?id=CVE-2014-8619
Cross-site scripting (XSS) vulnerability in the autolearn configuration page in Fortinet FortiWeb 5.1.2 through 5.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vunerabilidad de XSS en la página de configuración de autolearn en Fortinet FortiWeb 5.1.2 hasta la versión 5.3.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www.fortiguard.com/advisory/FG-IR-15-005 http://www.securitytracker.com/id/1032307 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0CVE-2014-4738
https://notcve.org/view.php?id=CVE-2014-4738
Multiple cross-site scripting (XSS) vulnerabilities in FortiGuard FortiWeb 5.0.x, 5.1.x, and 5.2.x before 5.2.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) user/ldap_user/check_dlg or (2) user/radius_user/check_dlg. Múltiples vulnerabilidades de XSS en FortiGuard FortiWeb 5.0.x, 5.1.x y 5.2.x anterior a 5.2.1 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados en (1) user/ldap_user/check_dlg o (2) user/radius_user/check_dlg. • http://secunia.com/advisories/59882 http://www.fortiguard.com/advisory/FG-IR-14-012 http://www.securityfocus.com/bid/68528 http://www.securitytracker.com/id/1030556 https://exchange.xforce.ibmcloud.com/vulnerabilities/94649 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •