CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-33874
https://notcve.org/view.php?id=CVE-2022-33874
10 Oct 2022 — An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in SSH login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated remote attacker to execute arbitrary command in the underlying shell. Unas vulnerabilidades de neutralización inapropiada de los elementos especiales usados en un comando del Sistema Operativo ("Inyección de Comandos del Sistema Operativo") [CWE-78] en los compon... • https://fortiguard.com/psirt/FG-IR-22-237 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-33872
https://notcve.org/view.php?id=CVE-2022-33872
10 Oct 2022 — An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Telnet login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated remote attacker to execute arbitrary command in the underlying shell. Unas vulnerabilidades de neutralización inapropiada de los elementos especiales usados en un Comando del Sistema Operativo ("Inyección de Comandos del Sistema Operativo") [CWE-78] en los com... • https://fortiguard.com/psirt/FG-IR-22-237 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-35844
https://notcve.org/view.php?id=CVE-2022-35844
10 Oct 2022 — An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to commands of the certificate import feature. Una neutralización inapropiada de los elementos especiales usados en una vulnerabilidad de comandos del Sistema Operativo [CWE-78] en la interfaz de administración ... • https://fortiguard.com/psirt/FG-IR-22-247 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2020-12815
https://notcve.org/view.php?id=CVE-2020-12815
24 Sep 2020 — An improper neutralization of input vulnerability in FortiTester before 3.9.0 may allow a remote authenticated attacker to inject script related HTML tags via IPv4/IPv6 address fields. Una vulnerabilidad de neutralización inapropiada de la entrada en FortiTester versiones anteriores a 3.9.0, puede permitir a un atacante autenticado remoto inyectar etiquetas HTML relacionadas con el script mediante campos de dirección IPv4/IPv6. • https://fortiguard.com/advisory/FG-IR-20-054 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-12817
https://notcve.org/view.php?id=CVE-2020-12817
24 Sep 2020 — An improper neutralization of input vulnerability in FortiAnalyzer before 6.4.1 and 6.2.5 may allow a remote authenticated attacker to inject script related HTML tags via Name parameter of Storage Connectors. Una vulnerabilidad de neutralización inapropiada de la entrada en FortiAnalyzer versiones anteriores a 6.4.1 y 6.2.5, puede permitir a un atacante autenticado remoto inyectar etiquetas HTML relacionadas con script por medio del parámetro Name de Conectores de Almacenamiento. • https://fortiguard.com/advisory/FG-IR-20-054 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •