3 results (0.002 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

13 May 2025 — A Relative Path Traversal vulnerability [CWE-23] in FortiClientEMS 7.4.0 through 7.4.1 and FortiClientEMS Cloud 7.4.0 through 7.4.1 may allow a remote unauthenticated attacker to perform a limited arbitrary file write on the system via upload requests. A Relative Path Traversal vulnerability [CWE-23] in FortiClientEMS 7.4.0 through 7.4.1 and FortiClientEMS Cloud 7.4.0 through 7.4.1 may allow a remote unauthenticated attacker to perform a limited arbitrary file write on the system via upload requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-552 • CWE-23: Relative Path Traversal •

CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0

08 Apr 2025 — An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Fortinet FortiClient before 7.4.1 may allow the EMS administrator to send messages containing javascript code. • https://fortiguard.fortinet.com/psirt/FG-IR-23-344 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.7EPSS: 0%CPEs: 5EXPL: 0

14 Jan 2025 — An improper verification of source of a communication channel vulnerability [CWE-940] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, 6.4 all versions may allow a remote attacker to bypass the trusted host feature via session connection. • https://fortiguard.fortinet.com/psirt/FG-IR-24-078 • CWE-940: Improper Verification of Source of a Communication Channel •