Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fortinet fortiweb vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-8619
Cross-site scripting (XSS) vulnerability in the autolearn configuration page in Fortinet FortiWeb 5.1.2 up to and including 5.3.4 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Fortinet Fortiweb 5.2.2
Fortinet Fortiweb 5.2.3
Fortinet Fortiweb 5.1.2
Fortinet Fortiweb 5.2.4
Fortinet Fortiweb 5.3.0
Fortinet Fortiweb 5.2.0
Fortinet Fortiweb 5.2.1
Fortinet Fortiweb 5.3.3
Fortinet Fortiweb 5.3.4
Fortinet Fortiweb 5.1.3
Fortinet Fortiweb 5.1.4
Fortinet Fortiweb 5.3.1
Fortinet Fortiweb 5.3.2
NA
CVE-2014-4738
Multiple cross-site scripting (XSS) vulnerabilities in FortiGuard FortiWeb 5.0.x, 5.1.x, and 5.2.x prior to 5.2.1 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors to (1) user/ldap_user/check_dlg or (2) user/radius_user/check_dlg.
Fortinet Fortiweb 5.0.2
Fortinet Fortiweb 5.0.3
Fortinet Fortiweb 5.1.1
Fortinet Fortiweb 5.1.2
Fortinet Fortiweb 5.0.4
Fortinet Fortiweb 5.0.0
Fortinet Fortiweb 5.1.0
Fortinet Fortiweb 5.2.0
Fortinet Fortiweb 5.1.3
Fortinet Fortiweb 5.1.4
9.8
CVSSv3
CVE-2021-41025
Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 up to and including 6.3.15, 6.2.0 up to and including 6.2.6, 6.1.0 up to and including 6.1.2, 6.0.0 thorugh 6.0.7, including an instance of concurrent execution using shared...
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb
Fortinet Fortiweb 6.4.1
Fortinet Fortiweb 6.1.0
Fortinet Fortiweb 6.1.1
Fortinet Fortiweb 6.1.2
Fortinet Fortiweb 6.4.2
8.8
CVSSv3
CVE-2021-36180
Multiple improper neutralization of special elements used in a command vulnerabilities [CWE-77] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.5 and below may allow an authenticated malicious user to execute unauthorized code or commands via crafted param...
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb
Fortinet Fortiweb 6.4.1
Fortinet Fortiweb 5.9.0
Fortinet Fortiweb 5.9.1
Fortinet Fortiweb 6.1.0
Fortinet Fortiweb 6.1.1
5.4
CVSSv3
CVE-2022-42471
An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] In FortiWeb version 7.0.0 up to and including 7.0.2, FortiWeb version 6.4.0 up to and including 6.4.2, FortiWeb version 6.3.6 up to and including 6.3.20 may ...
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb 6.4.1
Fortinet Fortiweb 6.4.2
Fortinet Fortiweb 7.0.0
Fortinet Fortiweb 7.0.1
Fortinet Fortiweb 7.0.2
Fortinet Fortiweb
4.3
CVSSv3
CVE-2022-30299
A path traversal vulnerability [CWE-23] in the API of FortiWeb 7.0.0 up to and including 7.0.1, 6.3.0 up to and including 6.3.19, 6.4 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions may allow an authenticated malicious user to retrieve specific parts of files f...
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb 6.4.1
Fortinet Fortiweb 6.4.2
Fortinet Fortiweb 7.0.0
Fortinet Fortiweb 7.0.1
Fortinet Fortiweb
6.5
CVSSv3
CVE-2023-23778
A relative path traversal vulnerability [CWE-23] in FortiWeb version 7.0.1 and below, 6.4 all versions, 6.3 all versions, 6.2 all versions may allow an authenticated user to obtain unauthorized access to files and data via specifically crafted web requests.
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb 6.4.1
Fortinet Fortiweb 6.4.2
Fortinet Fortiweb 7.0.0
Fortinet Fortiweb 7.0.1
Fortinet Fortiweb
7.5
CVSSv3
CVE-2021-41014
A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated malicious user to make the httpsd daemon unresponsive via huge HTTP packets
Fortinet Fortiweb
Fortinet Fortiweb 6.1.0
Fortinet Fortiweb 6.1.1
Fortinet Fortiweb 6.1.2
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb 6.4.1
8.8
CVSSv3
CVE-2021-36195
Multiple command injection vulnerabilities in the command line interpreter of FortiWeb versions 6.4.1, 6.4.0, 6.3.0 up to and including 6.3.15, 6.2.0 up to and including 6.2.6, and 6.1.0 up to and including 6.1.2 may allow an authenticated malicious user to execute arbitrary comm...
Fortinet Fortiweb 6.1.0
Fortinet Fortiweb 6.1.1
Fortinet Fortiweb 6.1.2
Fortinet Fortiweb
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb 6.4.1
1 Article
6.5
CVSSv3
CVE-2022-30300
A relative path traversal vulnerability [CWE-23] in FortiWeb 7.0.0 up to and including 7.0.1, 6.3.6 up to and including 6.3.18, 6.4 all versions may allow an authenticated malicious user to obtain unauthorized access to files and data via specifically crafted HTTP GET requests.
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb 6.4.1
Fortinet Fortiweb 6.4.2
Fortinet Fortiweb 7.0.0
Fortinet Fortiweb 7.0.1
Fortinet Fortiweb
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907
hardcoded
inject
CVE-2024-20359
CVE-2024-2467
CVE-2024-4077
CVE-2024-22391
camera
CVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »