Page 138 of 797 results (0.007 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

A password management vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the FortiAnalyzer Management View. Existe una vulnerabilidad en el manejo de contraseñas en Fortinet FortiPortal en versiones anteriores a la 4.0.0 que permite a los atacantes divulgar información mediante FortiAnalyzer Management View. • https://fortiguard.com/psirt/FG-IR-17-114 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the 'Name' and 'Description' inputs in the 'Add Revision Backup' functionality. Una vulnerabilidad de tipo Cross-Site Scripting en FortiPortal versiones 4.0.0 y anteriores de Fortinet, permite a un atacante ejecutar código o comandos no autorizados por medio de las entradas "Name" y "Description" en la funcionalidad "Add Revision Backup". • https://fortiguard.com/psirt/FG-IR-17-114 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below allows attacker to execute unauthorized code or commands via the url parameter. Una vulnerabilidad de redirección abierta en Fortigate FortiPortal 4.0.0 y posterior permite al atacante ejecutar código no autorizado o comandos a través del parámetro url. • https://fortiguard.com/psirt/FG-IR-17-114 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information disclosure via the Forgotten Password feature. Vulnerabilidad de recuperación de contraseña débil en Fortigate FortiPortal versiones 4.0.0 y siguientes permite al atacante llevar a cabo la divulgación de información a través de la función de contraseña olvidada. • https://fortiguard.com/psirt/FG-IR-17-114 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •

CVSS: 4.8EPSS: 0%CPEs: 26EXPL: 0

A stored XSS (Cross-Site-Scripting) vulnerability in Fortinet FortiOS allows attackers to execute unauthorized code or commands via the policy global-label parameter. Una vulnerabilidad tipo XSS (Cross-Site-Scripting) almacenado en FortiOS de Fortinet, permite a los atacantes ejecutar código o comandos no autorizados por medio del parámetro policy global-label. • http://www.securityfocus.com/bid/98514 http://www.securitytracker.com/id/1038541 https://fortiguard.com/psirt/FG-IR-17-057 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •