CVE-2016-3196
https://notcve.org/view.php?id=CVE-2016-3196
Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an image uploaded in the report section.
• http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability
• http://seclists.org/fulldisclosure/2016/Aug/4
• http://www.securityfocus.com/archive/1/539069/100/0/threaded
• http://www.securityfocus.com/bid/92203
• http://www.securitytracker.com/id/1036550
• http://www.securitytracker.com/id/1036551
• http://www.vulnerability-lab.com/get_content.php?id=1687
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-8037 – FortiManager 5.2.2 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-8037
Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SOMVpnSSLPortalDialog or (2) FGDMngUpdHistory. FortiManager version 5.2.2 suffers from multiple cross-site scripting vulnerabilities.
• https://www.exploit-db.com/exploits/38316
• http://www.fortiguard.com/advisory/multiple-xss-vulnerabilities-in-fortimanager-gui
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-8038 – FortiManager 5.2.2 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-8038
Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) sharedjobmanager or (2) SOMServiceObjDialog. FortiManager version 5.2.2 suffers from multiple cross-site scripting vulnerabilities.
• https://www.exploit-db.com/exploits/38316
• http://www.fortiguard.com/advisory/multiple-xss-vulnerabilities-in-fortimanager-gui
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')