CVE-2014-1956
https://notcve.org/view.php?id=CVE-2014-1956
CRLF injection vulnerability in FortiGuard FortiWeb before 5.0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. • http://www.fortiguard.com/advisory/FG-IR-13-009
CVE-2014-1955
https://notcve.org/view.php?id=CVE-2014-1955
Cross-site scripting (XSS) vulnerability in FortiGuard FortiWeb before 5.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://www.fortiguard.com/advisory/FG-IR-13-009 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-1957
https://notcve.org/view.php?id=CVE-2014-1957
FortiGuard FortiWeb before 5.0.3 allows remote authenticated users to gain privileges via unspecified vectors. • http://www.fortiguard.com/advisory/FG-IR-13-009 • CWE-264: Permissions, Privileges, and Access Controls
CVE-2014-1458
https://notcve.org/view.php?id=CVE-2014-1458
Cross-site scripting (XSS) vulnerability in the web administration interface in FortiGuard FortiWeb 5.0.3 and earlier allows remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors. • http://www.fortiguard.com/advisory/FG-IR-14-001 https://exchange.xforce.ibmcloud.com/vulnerabilities/90978 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-7181 – FortiWeb 5.0.3 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2013-7181
Cross-site scripting (XSS) vulnerability in user/ldap_user/add in Fortinet FortiOS 5.0.3 allows remote attackers to inject arbitrary web script or HTML via the filter parameter. FortiWeb version 5.0.3 suffers from a reflective cross site scripting vulnerability. • http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0015.html http://osvdb.org/102820 http://secunia.com/advisories/56732 http://www.fortiguard.com/advisory/FG-IR-14-002 http://www.kb.cert.org/vuls/id/593118 http://www.securityfocus.com/bid/65303 http://www.securitytracker.com/id/1029731 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')