CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2017-14190
https://notcve.org/view.php?id=CVE-2017-14190
29 Jan 2018 — A Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.7, 5.2 and earlier, allows attacker to inject arbitrary web script or HTML via maliciously crafted "Host" header in user HTTP requests. Una vulnerabilidad de Cross-Site Scripting (XSS) en Fortinet FortiOS 5.6.0 a 5.6.2; 5.4.0 a 5.4.7 y 5.2 y anteriores permite que un atacante inyecte scripts web o HTML arbitrarios mediante una cabecera "Host" maliciosamente manipulada en las peticiones HTTP de usuario. • http://www.securityfocus.com/bid/102779 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2017-7738
https://notcve.org/view.php?id=CVE-2017-7738
13 Dec 2017 — An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web portal session info which may contains user credentials through the fnsysctl CLI command. Una vulnerabilidad de divulgación de información en Fortinet FortiOS de la versión 5.6.0 a la 5.6.2; 5.4.0 a la 5.4.5 y la versión 5.2 y anteriores permite que un usuario administrador con privilegios super_admin vea la informa... • http://www.securityfocus.com/bid/102151 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 5%CPEs: 4EXPL: 1CVE-2017-14186 – FortiGate SSL VPN Portal 5.x Cross Site Scripting
https://notcve.org/view.php?id=CVE-2017-14186
29 Nov 2017 — A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions under SSL VPN web portal allows a remote user to inject arbitrary web script or HTML in the context of the victim's browser via the login redir parameter. An URL Redirection attack may also be feasible by injecting an external URL via the affected parameter. Una vulnerabilidad de tipo Cross-site Scripting (XSS) en Fortinet FortiOS versión 6.0.0 hasta 6.0.4, versión 5.6.0 hasta 5.6.7, versión... • https://packetstorm.news/files/id/145196 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 19EXPL: 0CVE-2017-7739
https://notcve.org/view.php?id=CVE-2017-7739
13 Nov 2017 — A reflected Cross-site Scripting (XSS) vulnerability in web proxy disclaimer response web pages in Fortinet FortiOS 5.6.0, 5.4.0 to 5.4.5, 5.2.0 to 5.2.11 allows an unauthenticated attacker to inject arbitrary web script or HTML in the context of the victim's browser via sending a maliciously crafted URL to the victim. Una vulnerabilidad de Cross-Site Scripting reflejado en las páginas web de respuesta a mensajes de proxies web en Fortinet FortiOS en versiones 5.6.0, 5.4.0 a la 5.4.5 y la 5.2.0 a la 5.2.11 ... • http://www.securityfocus.com/bid/101679 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 17EXPL: 0CVE-2017-7735
https://notcve.org/view.php?id=CVE-2017-7735
12 Sep 2017 — A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2.0 through 5.2.11 and 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via the "Groups" input while creating or editing User Groups. Una vulnerabilidad de tipo Cross-Site Scripting en Fortinet FortiOS desde la versión 5.2.0 hasta la 5.2.11 y 5.4.0 hasta la 5.4.4 permite que atacantes remotos ejecuten código o comandos sin autorización mediante la entrada "Groups" al crear o editar grupos de usuarios. • http://www.securityfocus.com/bid/99098 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 32EXPL: 0CVE-2017-3130
https://notcve.org/view.php?id=CVE-2017-3130
10 Aug 2017 — An information disclosure vulnerability in Fortinet FortiOS 5.6.0, 5.4.4 and below versions allows attacker to get FortiOS version info by inspecting FortiOS IKE VendorID packets. Una vulnerabilidad de divulgación de información en Fortinet FortiOS 5.6.0, 5.4.4 y versiones inferiores permite que un atacante obtenga la información de la versión de FortiOS mediante la inspección de paquetes FortiOS IKE VendorID. • http://www.securityfocus.com/bid/100211 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 8%CPEs: 1EXPL: 2CVE-2017-3132 – Fortinet FortiOS < 5.6.0 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-3132
28 Jul 2017 — A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken. Una vulnerabilidad de tipo Cross-Site Scripting en Fortinet FortiOS en su versión 5.6.0 y anteriores permite que atacantes remotos ejecuten código o comandos sin autorización mediante la entrada de acción durante la activación de un FortiToken. FortiOS versions 5.6.0 and below suffer from multiple cross site ... • https://packetstorm.news/files/id/143543 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 8%CPEs: 1EXPL: 2CVE-2017-3133 – Fortinet FortiOS < 5.6.0 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-3133
28 Jul 2017 — A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN. Una vulnerabilidad de tipo Cross-Site Scripting en Fortinet FortiOS en su versión 5.6.0 y anteriores permite que atacantes remotos ejecuten código o comandos sin autorización mediante el código HTML de los mensajes de reemplazo para SSL-VPN. FortiOS versions 5.6.0 and below suffer from multiple cross site scripting vulnera... • https://packetstorm.news/files/id/143543 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 0CVE-2017-3127
https://notcve.org/view.php?id=CVE-2017-3127
01 Jun 2017 — A Cross-Site Scripting vulnerability in Fortinet FortiGate 5.2.0 through 5.2.10 allows attacker to execute unauthorized code or commands via the srcintf parameter during Firewall Policy Creation. Una vulnerabilidad de tipo cross-site-scripting en FortiGate versiones 5.2.0 a 5.2.10 de Fortinet, permite al atacante ejecutar código o comandos no autorizados por medio del parámetro srcintf durante la Creación de Políticas de Firewall. • http://www.securityfocus.com/bid/98048 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 26EXPL: 0CVE-2017-3128
https://notcve.org/view.php?id=CVE-2017-3128
23 May 2017 — A stored XSS (Cross-Site-Scripting) vulnerability in Fortinet FortiOS allows attackers to execute unauthorized code or commands via the policy global-label parameter. Una vulnerabilidad tipo XSS (Cross-Site-Scripting) almacenado en FortiOS de Fortinet, permite a los atacantes ejecutar código o comandos no autorizados por medio del parámetro policy global-label. • http://www.securityfocus.com/bid/98514 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •