CVSS: 4.9EPSS: 0%CPEs: 12EXPL: 0CVE-2016-7542
https://notcve.org/view.php?id=CVE-2016-7542
30 Mar 2017 — A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to read-write administrators password hashes (not including super-admins) stored on the appliance via the webui REST API, and may therefore be able to crack them. Un administrador de sólo lectura en dispositivos Fortinet con FortiOS 5.2.x en versiones anteriores a 5.2.10 GA y FortiOS 5.4.x en versiones anteriores a 5.4.2 GA puede tener acceso de lectura-escritura a hashes de contraseña... • http://fortiguard.com/advisory/FG-IR-16-050 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 12%CPEs: 17EXPL: 0CVE-2016-3978
https://notcve.org/view.php?id=CVE-2016-3978
08 Apr 2016 — The Web User Interface (WebUI) in FortiOS 5.0.x before 5.0.13, 5.2.x before 5.2.3, and 5.4.x before 5.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting (XSS) attacks via the "redirect" parameter to "login." La Web User Interface (WebUI) en FortiOS 5.0.x en versiones anteriores a 5.0.13, 5.2.x en versiones anteriores a 5.2.3 y 5.4.x en versiones anteriores a 5.4.0 permite a atacantes remotos redirigir a usuarios a sitios web arbitrarios ... • http://seclists.org/fulldisclosure/2016/Mar/68 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3626
https://notcve.org/view.php?id=CVE-2015-3626
11 Aug 2015 — Cross-site scripting (XSS) vulnerability in the DHCP Monitor page in the Web User Interface (WebUI) in Fortinet FortiOS before 5.2.4 on FortiGate devices allows remote attackers to inject arbitrary web script or HTML via a crafted hostname. Vulnerabilidad de XSS en la página DHCP Monitor en la Web User Interface (WebUI) en Fortinet FortiOS en versiones anteriores a 5.2.4 en dispositivos FortiGate permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un nombre de host... • http://fortiguard.com/advisory/dhcp-hostname-html-injection • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.4EPSS: 0%CPEs: 16EXPL: 0CVE-2015-2323
https://notcve.org/view.php?id=CVE-2015-2323
11 Aug 2015 — FortiOS 5.0.x before 5.0.12 and 5.2.x before 5.2.4 supports anonymous, export, RC4, and possibly other weak ciphers when using TLS to connect to FortiGuard servers, which allows man-in-the-middle attackers to spoof TLS content by modifying packets. Vulnerabilidad en FortiOS 5.0.x en versiones anteriores a 5.0.12 y 5.2.x en versiones anteriores a 5.2.4 admite el anonimato, exportación, RC4 y posiblemente otros cifrados débiles al utilizar TLS para conectarse a los servidores de FortiGuard, lo que permite a a... • http://fortiguard.com/advisory/2015-07-24-weak-ciphers-suites-are-presented-towards-fortiguard-servers • CWE-310: Cryptographic Issues •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2014-8616
https://notcve.org/view.php?id=CVE-2014-8616
12 May 2015 — Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.2.x before 5.2.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) user group or (2) vpn template menus. Múltiples vulnerabilidades de XSS en Fortinet FortiOS 5.2.x anterior a 5.2.3 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios o HTML a través de vectores no especificados en menús (1) de grupos de usuarios o (2) de plantillas vpn. • http://www.fortiguard.com/advisory/FG-IR-15-005 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 70%CPEs: 3EXPL: 0CVE-2015-1880
https://notcve.org/view.php?id=CVE-2015-1880
12 May 2015 — Cross-site scripting (XSS) vulnerability in the sslvpn login page in Fortinet FortiOS 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vunerabilidad de XSS en la página de acceso sslvpn en Fortinet FortiOS 5.2.x en versiones anteriores a 5.2.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www.fortiguard.com/advisory/FG-IR-15-005 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •