CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-2334
https://notcve.org/view.php?id=CVE-2014-2334
31 Oct 2014 — Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336. Múltiples vulnerabilidades de XSS en la interfaz del usuario de web en Fortinet FortiAnalyzer anterior a 5.0.7 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados, una vulnerabilidad diferente... • http://secunia.com/advisories/61309 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 3CVE-2013-6826 – Fortinet FortiAnalyzer - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2013-6826
19 Nov 2013 — cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks. cgi-bin/module/sysmanager/admin/SYSAdminUserDialog en Fortinet FortiAnalyzer anterior a la versión 5.0.5 no valida adecuadamente el parámetro csrf_token, lo que permite a atacantes remotos realizar ataques de CSRF. • https://www.exploit-db.com/exploits/38824 • CWE-352: Cross-Site Request Forgery (CSRF) •