CVE-2015-7363
https://notcve.org/view.php?id=CVE-2015-7363
Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters. Vulnerabilidad de XSS en la página de configuración avanzada en Fortinet FortiManager 5.x en versiones anteriores a 5.0.12 y 5.2.x en versiones anteriores a 5.2.3, en los modelos de hardware con un disco duro y FortiAnalyzer 5.x en versiones anteriores a 5.0.13 y 5.2.x en versiones anteriores a 5.2.3 permite a administradores remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores relacionados con filtros de informe. • http://fortiguard.com/advisory/fortianalyzer-and-fortimanager-stored-xss-vulnerability-in-report-filters http://www.securityfocus.com/bid/93413 http://www.securitytracker.com/id/1036981 http://www.securitytracker.com/id/1036982 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-3195
https://notcve.org/view.php?id=CVE-2016-3195
Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la Web-UI en Fortinet FortiManager 5.x en versiones anteriores a 5.0.12 y 5.2.x en versiones anteriores a 5.2.6 y FortiAnalyzer 5.x en versiones anteriores a 5.0.13 y 5.2.x en versiones anteriores a 5.2.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-client-side-xss-vulnerability http://www.securityfocus.com/bid/92453 http://www.securitytracker.com/id/1036550 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-3194
https://notcve.org/view.php?id=CVE-2016-3194
Cross-site scripting (XSS) vulnerability in the address added page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la página de dirección de agregado en Fortinet FortiManager 5.x en versiones anteriores a 5.0.12 y 5.2.x en versiones anteriores a 5.2.6 y FortiAnalyzer 5.x en versiones anteriores a 5.0.13 y 5.2.x en versiones anteriores a 5.2.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-xss-vulnerability http://www.securityfocus.com/bid/92456 http://www.securitytracker.com/id/1036550 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-3193
https://notcve.org/view.php?id=CVE-2016-3193
Cross-site scripting (XSS) vulnerability in the appliance web-application in Fortinet FortiManager 5.x before 5.0.12, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 and FortiAnalyzer 5.x before 5.0.13, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la aplicación web del dispositivo en Fortinet FortiManager 5.x en versiones anteriores a 5.0.12, 5.2.x en versiones anteriores a 5.2.6 y 5.4.x en versiones anteriores a 5.4.1 y FortiAnalyzer 5.x en versiones anteriores a 5.0.13, 5.2.x en versiones anteriores a 5.2.6 y 5.4.x en versiones anteriores a 5.4.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability-1 http://www.securityfocus.com/bid/92458 http://www.securitytracker.com/id/1036550 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-3196
https://notcve.org/view.php?id=CVE-2016-3196
Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an image uploaded in the report section. Vulnerabilidad de XSS en Fortinet FortiAnalyzer 5.x en versiones anteriores a 5.0.12 y 5.2.x en versiones anteriores a 5.2.6 y FortiManager 5.x en versiones anteriores a 5.0.12 y 5.2.x en versiones anteriores a 5.2.6 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través del nombre de archivo de una imagen cargada en la sección del informe. • http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability http://seclists.org/fulldisclosure/2016/Aug/4 http://www.securityfocus.com/archive/1/539069/100/0/threaded http://www.securityfocus.com/bid/92203 http://www.securitytracker.com/id/1036550 http://www.securitytracker.com/id/1036551 http://www.vulnerability-lab.com/get_content.php?id=1687 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •