CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1351
https://notcve.org/view.php?id=CVE-2018-1351
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.6 and below versions allows attacker to execute HTML/javascript code via managed remote devices CLI commands by viewing the remote device CLI config installation log. Una vulnerabilidad Cross-Site Scripting (XSS) en Fortinet FortiManager en versiones 6.0.0, 5.6.6 y anteriores permite que un atacante ejecute código HTML/javascript mediante comandos de interfaz de línea de comandos CLI de los dispositivos remotos administrados al visualizar el log de instalación de la configuración de CLI del dispositivo remoto. • http://www.securityfocus.com/bid/104533 http://www.securitytracker.com/id/1041181 https://fortiguard.com/advisory/FG-IR-18-006 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1354
https://notcve.org/view.php?id=CVE-2018-1354
An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows a regular user edit the avatar picture of other users with arbitrary content. Una vulnerabilidad de control de acceso incorrecto en Fortinet FortiManager en versiones 6.0.0 y 5.6.5 y anteriores y FortiAnalyzer en versiones 6.0.0 y 5.6.5 y anteriores permite que un usuario regular edite la imagen de avatar de otros usuarios con contenido arbitrario. • http://www.securityfocus.com/bid/104537 http://www.securitytracker.com/id/1041182 http://www.securitytracker.com/id/1041183 https://fortiguard.com/advisory/FG-IR-18-014 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1355
https://notcve.org/view.php?id=CVE-2018-1355
An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows attacker to inject script code during converting a HTML table to a PDF document under the FortiView feature. An attacker may be able to social engineer an authenticated user into generating a PDF file containing injected malicious URLs. Una vulnerabilidad de redirección abierta en Fortinet FortiManager en versiones 6.0.0, 5.6.5 y anteriores y en FortiAnalyzer en versiones 6.0.0, 5.6.5 y anteriores permite que un atacante inyecte código de script durante la conversión de una tabla HTML a documento HTML en la característica FortiView. Un atacante podría ser capaz de emplear ingeniería social sobre un usuario autenticado para que genere un archivo PDF que contiene URL maliciosas inyectadas. • http://www.securityfocus.com/bid/104546 http://www.securitytracker.com/id/1041184 http://www.securitytracker.com/id/1041185 https://fortiguard.com/advisory/FG-IR-18-022 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2014-2336
https://notcve.org/view.php?id=CVE-2014-2336
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2334 and CVE-2014-2335. Múltiples vulnerabilidades de XSS en la interfaz del usuario de web en Fortinet FortiManager anterior a 5.0.7 y FortiAnalyzer anterior a 5.0.7 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2014-2334 y CVE-2014-2335. • http://secunia.com/advisories/61309 http://www.fortiguard.com/advisory/FG-IR-14-033 http://www.securityfocus.com/bid/70889 https://exchange.xforce.ibmcloud.com/vulnerabilities/98479 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 1%CPEs: 6EXPL: 0CVE-2005-4570
https://notcve.org/view.php?id=CVE-2005-4570
The Internet Key Exchange version 1 (IKEv1) implementations in Fortinet FortiOS 2.50, 2.80 and 3.0, FortiClient 2.0,; and FortiManager 2.80 and 3.0 allow remote attackers to cause a denial of service (termination of a process that is automatically restarted) via IKE packets with invalid values of certain IPSec attributes, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the vendor advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. • http://secunia.com/advisories/18446 http://www.fortinet.com/FortiGuardCenter/VU226364.html http://www.securityfocus.com/bid/15997 http://www.vupen.com/english/advisories/2006/0182 •