Page 57 of 797 results (0.007 seconds)

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2022-41334

https://notcve.org/view.php?id=CVE-2022-41334

An improper neutralization of input during web page generation [CWE-79] vulnerability in FortiOS versions 7.0.0 to 7.0.7 and 7.2.0 to 7.2.3 may allow a remote, unauthenticated attacker to launch a cross site scripting (XSS) attack via the "redir" parameter of the URL seen when the "Sign in with FortiCloud" button is clicked. • https://fortiguard.com/psirt/FG-IR-22-224 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.4EPSS: 0%CPEs: 4EXPL: 0

CVE-2022-39948

https://notcve.org/view.php?id=CVE-2022-39948

An improper certificate validation vulnerability [CWE-295] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.7, 6.4 all versions, 6.2 all versions, 6.0 all versions and FortiProxy 7.0.0 through 7.0.6, 2.0 all versions, 1.2 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiOS/FortiProxy device and remote servers hosting threat feeds (when the latter are configured as Fabric connectors in FortiOS/FortiProxy) • https://fortiguard.com/psirt/FG-IR-22-257 • CWE-295: Improper Certificate Validation •

CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0

CVE-2022-30304

https://notcve.org/view.php?id=CVE-2022-30304

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiAnalyzer versions prior to 7.2.1, 7.0.4 and 6.4.8 may allow a remote unauthenticated attacker to perform a stored cross site scripting (XSS) attack via the URL parameter observed in the FortiWeb attack event logview in FortiAnalyzer. • https://fortiguard.com/psirt/FG-IR-22-166 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0

CVE-2022-38376

https://notcve.org/view.php?id=CVE-2022-38376

Multiple improper neutralization of input during web page generation ('Cross-site Scripting') vulnerabilities [CWE-79] in Fortinet FortiNAC portal UI before 9.4.1 allows an attacker to perform an XSS attack via crafted HTTP requests. • https://fortiguard.com/psirt/FG-IR-22-273 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0

CVE-2022-38375

https://notcve.org/view.php?id=CVE-2022-38375

An improper authorization vulnerability [CWE-285]  in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests. • https://fortiguard.com/psirt/FG-IR-22-329 • CWE-285: Improper Authorization •