CVSS: 6.1EPSS: 0%CPEs: 36EXPL: 0CVE-2016-3195
https://notcve.org/view.php?id=CVE-2016-3195
19 Aug 2016 — Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la Web-UI en Fortinet FortiManager 5.x en versiones anteriores a 5.0.12 y 5.2.x en versiones anteriores a 5.2.6 y FortiAnalyzer 5.x en versiones anteriores a 5.0.13 y 5.2.x en versiones anteriores a 5.2.6 permite a atac... • http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-client-side-xss-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 25EXPL: 0CVE-2016-3196
https://notcve.org/view.php?id=CVE-2016-3196
05 Aug 2016 — Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an image uploaded in the report section. Vulnerabilidad de XSS en Fortinet FortiAnalyzer 5.x en versiones anteriores a 5.0.12 y 5.2.x en versiones anteriores a 5.2.6 y FortiManager 5.x en versiones anteriores a 5.0.12 y 5.2.x en versiones anteriores a 5... • http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 15EXPL: 3CVE-2015-3620 – Fortinet FortiAnalyzer / FortiManager Cross Site Scripting
https://notcve.org/view.php?id=CVE-2015-3620
05 May 2015 — Cross-site scripting (XSS) vulnerability in the advanced dataset reports page in Fortinet FortiAnalyzer 5.0.0 through 5.0.10 and 5.2.0 through 5.2.1 and FortiManager 5.0.3 through 5.0.10 and 5.2.0 through 5.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la página de los informes de dataset avanzados en Fortinet FortiAnalyzer 5.0.0 hasta 5.0.10 y 5.2.0 hasta 5.2.1 y FortiManager 5.0.3 hasta 5.0.10 y 5.2.0 hasta 5.2.1 permite a atacantes re... • https://packetstorm.news/files/id/131766 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-2334
https://notcve.org/view.php?id=CVE-2014-2334
31 Oct 2014 — Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336. Múltiples vulnerabilidades de XSS en la interfaz del usuario de web en Fortinet FortiAnalyzer anterior a 5.0.7 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados, una vulnerabilidad diferente... • http://secunia.com/advisories/61309 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-2335
https://notcve.org/view.php?id=CVE-2014-2335
31 Oct 2014 — Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336. Múltiples vulnerabilidades de XSS en la interfaz del usuario de web en Fortinet FortiManager anterior a 5.0.7 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados, una vulnerabilidad diferente a... • http://secunia.com/advisories/61309 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2014-2336
https://notcve.org/view.php?id=CVE-2014-2336
31 Oct 2014 — Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2334 and CVE-2014-2335. Múltiples vulnerabilidades de XSS en la interfaz del usuario de web en Fortinet FortiManager anterior a 5.0.7 y FortiAnalyzer anterior a 5.0.7 permiten a atacantes remotos inyectar secuencias de comandos web o HTML... • http://secunia.com/advisories/61309 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 3CVE-2013-6826 – Fortinet FortiAnalyzer - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2013-6826
19 Nov 2013 — cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks. cgi-bin/module/sysmanager/admin/SYSAdminUserDialog en Fortinet FortiAnalyzer anterior a la versión 5.0.5 no valida adecuadamente el parámetro csrf_token, lo que permite a atacantes remotos realizar ataques de CSRF. • https://www.exploit-db.com/exploits/38824 • CWE-352: Cross-Site Request Forgery (CSRF) •