CVE-2014-8619
https://notcve.org/view.php?id=CVE-2014-8619
Cross-site scripting (XSS) vulnerability in the autolearn configuration page in Fortinet FortiWeb 5.1.2 through 5.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vunerabilidad de XSS en la página de configuración de autolearn en Fortinet FortiWeb 5.1.2 hasta la versión 5.3.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www.fortiguard.com/advisory/FG-IR-15-005 http://www.securitytracker.com/id/1032307 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-4738
https://notcve.org/view.php?id=CVE-2014-4738
Multiple cross-site scripting (XSS) vulnerabilities in FortiGuard FortiWeb 5.0.x, 5.1.x, and 5.2.x before 5.2.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) user/ldap_user/check_dlg or (2) user/radius_user/check_dlg. Múltiples vulnerabilidades de XSS en FortiGuard FortiWeb 5.0.x, 5.1.x y 5.2.x anterior a 5.2.1 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados en (1) user/ldap_user/check_dlg o (2) user/radius_user/check_dlg. • http://secunia.com/advisories/59882 http://www.fortiguard.com/advisory/FG-IR-14-012 http://www.securityfocus.com/bid/68528 http://www.securitytracker.com/id/1030556 https://exchange.xforce.ibmcloud.com/vulnerabilities/94649 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-3115
https://notcve.org/view.php?id=CVE-2014-3115
Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Fortinet FortiWeb before 5.2.0 allow remote attackers to hijack the authentication of administrators via system/config/adminadd and other unspecified vectors. Múltiples vulnerabilidades de CSRF en la consola de administración web en Fortinet FortiWeb en versiones anteriores a 5.2.0 permiten a atacantes remotos secuestrar la autenticación de administradores a través de system/config/adminadd y otros vectores no especificados. • http://seclists.org/fulldisclosure/2014/May/30 http://www.fortiguard.com/advisory/FG-IR-14-013 http://www.kb.cert.org/vuls/id/902790 http://www.securitytracker.com/id/1030200 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2014-1957
https://notcve.org/view.php?id=CVE-2014-1957
FortiGuard FortiWeb before 5.0.3 allows remote authenticated users to gain privileges via unspecified vectors. FortiGuard FortiWeb anterior a 5.0.3 permite a usuarios remotos autenticados ganar privilegios a través de vectores no especificados. • http://www.fortiguard.com/advisory/FG-IR-13-009 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2014-1955
https://notcve.org/view.php?id=CVE-2014-1955
Cross-site scripting (XSS) vulnerability in FortiGuard FortiWeb before 5.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en FortiGuard FortiWeb anterior a 5.0.3 permite a atacantes remotos inyectar script Web o HTML arbitrarios a través de vectores no especificados. • http://www.fortiguard.com/advisory/FG-IR-13-009 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •