CVE-2016-5092
https://notcve.org/view.php?id=CVE-2016-5092
Directory traversal vulnerability in Fortinet FortiWeb before 5.5.3 allows remote authenticated administrators with read and write privileges to read arbitrary files by leveraging the autolearn feature.
• http://fortiguard.com/advisory/fortiweb-path-traversal-vulnerability
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2014-4738
https://notcve.org/view.php?id=CVE-2014-4738
Multiple cross-site scripting (XSS) vulnerabilities in FortiGuard FortiWeb 5.0.x, 5.1.x, and 5.2.x before 5.2.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) user/ldap_user/check_dlg or (2) user/radius_user/check_dlg.
• http://secunia.com/advisories/59882
  http://www.fortiguard.com/advisory/FG-IR-14-012
  http://www.securityfocus.com/bid/68528
  http://www.securitytracker.com/id/1030556
  https://exchange.xforce.ibmcloud.com/vulnerabilities/94649
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-3115
https://notcve.org/view.php?id=CVE-2014-3115
Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Fortinet FortiWeb before 5.2.0 allow remote attackers to hijack the authentication of administrators via system/config/adminadd and other unspecified vectors.
• http://seclists.org/fulldisclosure/2014/May/30
  http://www.fortiguard.com/advisory/FG-IR-14-013
  http://www.kb.cert.org/vuls/id/902790
  http://www.securitytracker.com/id/1030200
• CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2014-1458
https://notcve.org/view.php?id=CVE-2014-1458
Cross-site scripting (XSS) vulnerability in the web administration interface in FortiGuard FortiWeb 5.0.3 and earlier allows remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors.
• http://www.fortiguard.com/advisory/FG-IR-14-001
  https://exchange.xforce.ibmcloud.com/vulnerabilities/90978
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-7181 – FortiWeb 5.0.3 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2013-7181
Cross-site scripting (XSS) vulnerability in user/ldap_user/add in Fortinet FortiOS 5.0.3 allows remote attackers to inject arbitrary web script or HTML via the filter parameter. FortiWeb version 5.0.3 suffers from a reflective cross site scripting vulnerability.
• http://archives.neohapsis.com/archives/fulldisclosure/2014-02/0015.html
  http://osvdb.org/102820
  http://secunia.com/advisories/56732
  http://www.fortiguard.com/advisory/FG-IR-14-002
  http://www.kb.cert.org/vuls/id/593118
  http://www.securityfocus.com/bid/65303
  http://www.securitytracker.com/id/1029731
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')