CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36555
https://notcve.org/view.php?id=CVE-2023-36555
An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet FortiOS 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via the SAML and Security Fabric components. Una neutralización inadecuada de etiquetas html relacionadas con scripts en una página web (xss básico) en Fortinet FortiOS 7.2.0 - 7.2.4 permite a un atacante ejecutar código o comandos no autorizados a través de los componentes SAML y Security Fabric. • https://fortiguard.com/psirt/FG-IR-23-104 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-33301
https://notcve.org/view.php?id=CVE-2023-33301
An improper access control vulnerability in Fortinet FortiOS 7.2.0 - 7.2.4 and 7.4.0 allows an attacker to access a restricted resource from a non trusted host. Una vulnerabilidad de control de acceso inadecuado en Fortinet FortiOS 7.2.0 - 7.2.4 y 7.4.0 permite a un atacante acceder a un recurso restringido desde un host no confiable. • https://fortiguard.com/psirt/FG-IR-23-139 • CWE-284: Improper Access Control •
CVSS: 8.0EPSS: 0%CPEs: 6EXPL: 0CVE-2023-29183
https://notcve.org/view.php?id=CVE-2023-29183
An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10 and FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14 GUI may allow an authenticated attacker to trigger malicious JavaScript code execution via crafted guest management setting. Una neutralización inadecuada de la entrada durante la vulnerabilidad de generación de páginas web ('Cross-Site Scripting') [CWE-79] en FortiProxy 7.2.0 a 7.2.4, 7.0.0 a 7.0.10 y FortiOS 7.2.0 a 7.2.4, Las versiones 7.0.0 a 7.0.11, 6.4.0 a 6.4.12, 6.2.0 a 6.2.14 pueden permitir que un atacante autenticado desencadene la ejecución de código JavaScript malicioso a través de una configuración de administración de invitados manipulados. • https://fortiguard.com/psirt/FG-IR-23-106 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 20EXPL: 0CVE-2022-22305
https://notcve.org/view.php?id=CVE-2022-22305
An improper certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the listed products and some external peers. Una vulnerabilidad de validación de certificado incorrecta [CWE-295] en FortiManager v7.0.1 y versiones inferiores, v6.4.6 y versiones inferiores; FortiAnalyzer v7.0.2 y versiones inferiores, v6.4.7 y versiones inferiores; FortiOS v6.2.x y v6.0.x; FortiSandbox v4.0.x, 3.2.x y 3.1.x puede permitir a un atacante adyacente a la red y no autenticado interceder en la comunicación mediante la técnica de man-in-the-middle entre los productos enumerados y algunos peers externos. • https://fortiguard.com/psirt/FG-IR-18-292 • CWE-295: Improper Certificate Validation CWE-297: Improper Validation of Certificate with Host Mismatch •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-29182
https://notcve.org/view.php?id=CVE-2023-29182
A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiOS before 7.0.3 allows a privileged attacker to execute arbitrary code via specially crafted CLI commands, provided the attacker were able to evade FortiOS stack protections. • https://fortiguard.com/psirt/FG-IR-23-149 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •