CVE-2014-8619
https://notcve.org/view.php?id=CVE-2014-8619
Cross-site scripting (XSS) vulnerability in the autolearn configuration page in Fortinet FortiWeb 5.1.2 through 5.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
• http://www.fortiguard.com/advisory/FG-IR-15-005
• http://www.securitytracker.com/id/1032307
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-3620 – Fortinet FortiAnalyzer / FortiManager Cross Site Scripting
https://notcve.org/view.php?id=CVE-2015-3620
Cross-site scripting (XSS) vulnerability in the advanced dataset reports page in Fortinet FortiAnalyzer 5.0.0 through 5.0.10 and 5.2.0 through 5.2.1 and FortiManager 5.0.3 through 5.0.10 and 5.2.0 through 5.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Fortinet FortiAnalyzer and FortiManager suffer from a client-side cross site scripting vulnerability.
• http://packetstormsecurity.com/files/131766/Fortinet-FortiAnalyzer-FortiManager-Cross-Site-Scripting.html
• http://seclists.org/fulldisclosure/2015/May/13
• http://www.fortiguard.com/advisory/FG-IR-15-005
• http://www.securityfocus.com/archive/1/535452/100/0/threaded
• http://www.securityfocus.com/bid/74646
• http://www.securitytracker.com/id/1032262
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-3293
https://notcve.org/view.php?id=CVE-2015-3293
FortiMail 5.0.3 through 5.2.3 allows remote administrators to obtain credentials via the "diag debug application httpd" command.
• http://www.fortiguard.com/advisory/FG-IR-15-009
• http://www.securitytracker.com/id/1032185
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-2281 – Fortinet Single Sign On - Stack Overflow
https://notcve.org/view.php?id=CVE-2015-2281
Stack-based buffer overflow in collectoragent.exe in Fortinet Single Sign On (FSSO) before build 164 allows remote attackers to execute arbitrary code via a large PROCESS_HELLO message to the Message Dispatcher on TCP port 8000.
• https://www.exploit-db.com/exploits/36422
• http://seclists.org/fulldisclosure/2015/Mar/111
• http://www.coresecurity.com/advisories/fortinet-single-sign-on-stack-overflow
• http://www.fortiguard.com/advisory/2015-02-27-fsso-stack-based-buffer-overflow
• http://www.fortiguard.com/advisory/FG-IR-15-006
• http://www.osvdb.org/119719
• http://www.securityfocus.com/archive/1/534918/100/0/threaded
• http://www.securityfocus.com/bid/73206
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-8617
https://notcve.org/view.php?id=CVE-2014-8617
Cross-site scripting (XSS) vulnerability in the Web Action Quarantine Release feature in the WebGUI in Fortinet FortiMail before 4.3.9, 5.0.x before 5.0.8, 5.1.x before 5.1.5, and 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via the release parameter to module/releasecontrol.
• http://seclists.org/fulldisclosure/2015/Mar/5
• http://www.fortiguard.com/advisory/FG-IR-15-005
• http://www.securitytracker.com/id/1031859
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')