CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 0CVE-2023-23776
https://notcve.org/view.php?id=CVE-2023-23776
An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiAnalyzer versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4 and 6.4.0 through 6.4.10 may allow a remote authenticated attacker to read the client machine password in plain text in a heartbeat response when a log-fetch request is made from the FortiAnalyzer • https://fortiguard.com/psirt/FG-IR-22-447 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-25611
https://notcve.org/view.php?id=CVE-2023-25611
A improper neutralization of formula elements in a CSV file vulnerability in Fortinet FortiAnalyzer 6.4.0 - 6.4.9, 7.0.0 - 7.0.5, and 7.2.0 - 7.2.1 allows local attacker to execute unauthorized code or commands via inserting spreadsheet formulas in macro names. • https://fortiguard.com/psirt/FG-IR-22-488 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-30304
https://notcve.org/view.php?id=CVE-2022-30304
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiAnalyzer versions prior to 7.2.1, 7.0.4 and 6.4.8 may allow a remote unauthenticated attacker to perform a stored cross site scripting (XSS) attack via the URL parameter observed in the FortiWeb attack event logview in FortiAnalyzer. • https://fortiguard.com/psirt/FG-IR-22-166 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •