NotCVE - vendor:"Fortinet" product:"Fortimanager Firmware" version:"5.2.4"

6 results (0.002 seconds)

CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0

CVE-2017-17541

https://notcve.org/view.php?id=CVE-2017-17541

16 Jul 2018 — A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature. Una vulnerabilidad de Cross-Site Scripting (XSS) en Fortinet FortiManager 6.0.0, 5.6.4 y anteriores y FortiAnalyzer 6.0.0, 5.6.4 y anteriores permite inyectar código JavaScript y etiquetas HTML mediante el valor CN de los cer... • http://www.securitytracker.com/id/1041246 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.4EPSS: 0%CPEs: 18EXPL: 0

CVE-2016-8495

https://notcve.org/view.php?id=CVE-2016-8495

13 Feb 2017 — An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows remote attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack via the Fortisandbox devices probing feature. Una vulnerabilidad de validación de certificado incorrecto en Fortinet FortiManager 5.0.6 hasta la versión 5.2.7 y 5.4.0 hasta la versión 5.4.1 permite a atacantes remotos suplantar una entidad de confianza utilizando un ataque man-in-the-middle (MITM) a t... • http://www.securityfocus.com/bid/96157 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.4EPSS: 0%CPEs: 38EXPL: 0

CVE-2016-3193

https://notcve.org/view.php?id=CVE-2016-3193

19 Aug 2016 — Cross-site scripting (XSS) vulnerability in the appliance web-application in Fortinet FortiManager 5.x before 5.0.12, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 and FortiAnalyzer 5.x before 5.0.13, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la aplicación web del dispositivo en Fortinet FortiManager 5.x en versiones anteriores a 5.0.12, 5.2.x en versiones anteriores a 5.2.6 y 5.4.x en ve... • http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability-1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 36EXPL: 0

CVE-2016-3194

https://notcve.org/view.php?id=CVE-2016-3194

19 Aug 2016 — Cross-site scripting (XSS) vulnerability in the address added page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la página de dirección de agregado en Fortinet FortiManager 5.x en versiones anteriores a 5.0.12 y 5.2.x en versiones anteriores a 5.2.6 y FortiAnalyzer 5.x en versiones anteriores a 5.0.13 y 5.2.x en versio... • http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-xss-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 36EXPL: 0

CVE-2016-3195

https://notcve.org/view.php?id=CVE-2016-3195

19 Aug 2016 — Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la Web-UI en Fortinet FortiManager 5.x en versiones anteriores a 5.0.12 y 5.2.x en versiones anteriores a 5.2.6 y FortiAnalyzer 5.x en versiones anteriores a 5.0.13 y 5.2.x en versiones anteriores a 5.2.6 permite a atac... • http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-client-side-xss-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 25EXPL: 0

CVE-2016-3196

https://notcve.org/view.php?id=CVE-2016-3196

05 Aug 2016 — Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an image uploaded in the report section. Vulnerabilidad de XSS en Fortinet FortiAnalyzer 5.x en versiones anteriores a 5.0.12 y 5.2.x en versiones anteriores a 5.2.6 y FortiManager 5.x en versiones anteriores a 5.0.12 y 5.2.x en versiones anteriores a 5... • http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •