CVE-2017-7338
https://notcve.org/view.php?id=CVE-2017-7338
A password management vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the FortiAnalyzer Management View. • https://fortiguard.com/psirt/FG-IR-17-114 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-7339
https://notcve.org/view.php?id=CVE-2017-7339
A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the 'Name' and 'Description' inputs in the 'Add Revision Backup' functionality. • https://fortiguard.com/psirt/FG-IR-17-114 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-7343
https://notcve.org/view.php?id=CVE-2017-7343
An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below allows an attacker to execute unauthorized code or commands via the url parameter. • https://fortiguard.com/psirt/FG-IR-17-114 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2017-7731
https://notcve.org/view.php?id=CVE-2017-7731
A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the Forgotten Password feature. • https://fortiguard.com/psirt/FG-IR-17-114 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password
CVE-2017-3128
https://notcve.org/view.php?id=CVE-2017-3128
A stored XSS (Cross-Site-Scripting) vulnerability in Fortinet FortiOS allows attackers to execute unauthorized code or commands via the policy global-label parameter. • http://www.securityfocus.com/bid/98514 http://www.securitytracker.com/id/1038541 https://fortiguard.com/psirt/FG-IR-17-057 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')