
CVSS: 6.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

31 Oct 2014 — Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2334 and CVE-2014-2335. • http://secunia.com/advisories/61309 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 0% • CPEs: 7 • EXPL: 3

19 Nov 2013 — cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks. • https://www.exploit-db.com/exploits/38824 • CWE-352: Cross-Site Request Forgery (CSRF)