CVSS: 4.3EPSS: 0%CPEs: 15EXPL: 2CVE-2015-3620 – Fortinet FortiAnalyzer / FortiManager Cross Site Scripting
https://notcve.org/view.php?id=CVE-2015-3620
Cross-site scripting (XSS) vulnerability in the advanced dataset reports page in Fortinet FortiAnalyzer 5.0.0 through 5.0.10 and 5.2.0 through 5.2.1 and FortiManager 5.0.3 through 5.0.10 and 5.2.0 through 5.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la página de los informes de dataset avanzados en Fortinet FortiAnalyzer 5.0.0 hasta 5.0.10 y 5.2.0 hasta 5.2.1 y FortiManager 5.0.3 hasta 5.0.10 y 5.2.0 hasta 5.2.1 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de vectores no especificados. Fortinet FortiAnalyzer and FortiManager suffer from a client-side cross site scripting vulnerability. • http://packetstormsecurity.com/files/131766/Fortinet-FortiAnalyzer-FortiManager-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2015/May/13 http://www.fortiguard.com/advisory/FG-IR-15-005 http://www.securityfocus.com/archive/1/535452/100/0/threaded http://www.securityfocus.com/bid/74646 http://www.securitytracker.com/id/1032262 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2014-2336
https://notcve.org/view.php?id=CVE-2014-2336
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2334 and CVE-2014-2335. Múltiples vulnerabilidades de XSS en la interfaz del usuario de web en Fortinet FortiManager anterior a 5.0.7 y FortiAnalyzer anterior a 5.0.7 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2014-2334 y CVE-2014-2335. • http://secunia.com/advisories/61309 http://www.fortiguard.com/advisory/FG-IR-14-033 http://www.securityfocus.com/bid/70889 https://exchange.xforce.ibmcloud.com/vulnerabilities/98479 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •