CVSS: 6.4EPSS: 0%CPEs: 12EXPL: 0CVE-2024-35280
https://notcve.org/view.php?id=CVE-2024-35280
15 Jan 2025 — A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiDeceptor 3.x all versions, 4.x all versions, 5.0 all versions, 5.1 all versions, version 5.2.0, and version 5.3.0 may allow an attacker to perform a reflected cross-site scripting attack in the recovery endpoints Una neutralización incorrecta de la entrada durante la generación de páginas web ("cross-site scripting") en Fortinet FortiDeceptor 3.x todas las versiones, 4.x todas las versiones, 5.0 todas las... • https://fortiguard.fortinet.com/psirt/FG-IR-24-010 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2024-45326
https://notcve.org/view.php?id=CVE-2024-45326
14 Jan 2025 — An Improper Access Control vulnerability [CWE-284] in FortiDeceptor version 6.0.0, version 5.3.3 and below, version 5.2.1 and below, version 5.1.0, version 5.0.0 may allow an authenticated attacker with none privileges to perform operations on the central management appliance via crafted requests. An Improper Access Control vulnerability [CWE-284] in FortiDeceptor version 6.0.0, version 5.3.3 and below, version 5.2.1 and below, version 5.1.0, version 5.0.0 may allow an authenticated attacker with none privi... • https://fortiguard.fortinet.com/psirt/FG-IR-24-285 • CWE-284: Improper Access Control •