CVE-2017-7732
https://notcve.org/view.php?id=CVE-2017-7732
26 Oct 2017 — A reflected Cross-Site Scripting (XSS) vulnerability in the customized pre-authentication webmail login page of Fortinet FortiMail 5.1 and earlier, 5.2.0 through 5.2.9, and 5.3.0 through 5.3.9 allows an attacker to inject arbitrary web script or HTML via crafted HTTP requests. • http://www.securityfocus.com/bid/101278 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-3125
https://notcve.org/view.php?id=CVE-2017-3125
12 Apr 2017 — An unauthenticated XSS vulnerability in FortiMail 5.0.0 - 5.2.9 and 5.3.0 - 5.3.8 could allow an attacker to execute arbitrary scripts in the security context of the browser of a victim logged in to FortiMail, assuming the victim is social engineered into clicking a URL crafted by the attacker. • http://fortiguard.com/psirt/FG-IR-17-011 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-3293
https://notcve.org/view.php?id=CVE-2015-3293
14 Apr 2015 — FortiMail 5.0.3 through 5.2.3 allows remote administrators to obtain credentials via the "diag debug application httpd" command. • http://www.fortiguard.com/advisory/FG-IR-15-009 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-8617
https://notcve.org/view.php?id=CVE-2014-8617
04 Mar 2015 — Cross-site scripting (XSS) vulnerability in the Web Action Quarantine Release feature in the WebGUI in Fortinet FortiMail before 4.3.9, 5.0.x before 5.0.8, 5.1.x before 5.1.5, and 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via the release parameter to module/releasecontrol. • http://seclists.org/fulldisclosure/2015/Mar/5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-1471 – Fortinet FortiMail 400 IBE - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-1471
04 Feb 2013 — Multiple cross-site scripting (XSS) vulnerabilities in admin/FEAdmin.html in Fortinet FortiMail before 4.3.4 on FortiMail Identity-Based Encryption (IBE) appliances allow user-assisted remote attackers to inject arbitrary web script or HTML via (1) the Add field for the Black List under Antispam Management User Preferences or (2) the User name field for the Personal Black/White List in the AntiSpam section. • https://www.exploit-db.com/exploits/24435 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •