Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fortinet fortiweb 6.3.0 vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2020-6646
An improper neutralization of input vulnerability in FortiWeb allows a remote authenticated malicious user to perform a stored cross site scripting attack (XSS) via the Disclaimer Description of a Replacement Message.
Fortinet Fortiweb
Fortinet Fortiweb 6.3.0
801
VMScore
CVE-2021-36195
Multiple command injection vulnerabilities in the command line interpreter of FortiWeb versions 6.4.1, 6.4.0, 6.3.0 up to and including 6.3.15, 6.2.0 up to and including 6.2.6, and 6.1.0 up to and including 6.1.2 may allow an authenticated malicious user to execute arbitrary comm...
Fortinet Fortiweb 6.1.0
Fortinet Fortiweb 6.1.1
Fortinet Fortiweb 6.1.2
Fortinet Fortiweb
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb 6.4.1
1 Article
NA
CVE-2022-30303
An improper neutralization of special elements used in an os command ('OS Command Injection') [CWE-78] in FortiWeb 7.0.0 up to and including 7.0.1, 6.3.0 up to and including 6.3.19, 6.4 all versions may allow an authenticated malicious user to execute arbitrary shell co...
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb 6.4.1
Fortinet Fortiweb 6.4.2
Fortinet Fortiweb 7.0.0
Fortinet Fortiweb 7.0.1
Fortinet Fortiweb
NA
CVE-2022-30299
A path traversal vulnerability [CWE-23] in the API of FortiWeb 7.0.0 up to and including 7.0.1, 6.3.0 up to and including 6.3.19, 6.4 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions may allow an authenticated malicious user to retrieve specific parts of files f...
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb 6.4.1
Fortinet Fortiweb 6.4.2
Fortinet Fortiweb 7.0.0
Fortinet Fortiweb 7.0.1
Fortinet Fortiweb
668
VMScore
CVE-2021-41025
Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 up to and including 6.3.15, 6.2.0 up to and including 6.2.6, 6.1.0 up to and including 6.1.2, 6.0.0 thorugh 6.0.7, including an instance of concurrent execution using shared...
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb
Fortinet Fortiweb 6.4.1
Fortinet Fortiweb 6.1.0
Fortinet Fortiweb 6.1.1
Fortinet Fortiweb 6.1.2
Fortinet Fortiweb 6.4.2
578
VMScore
CVE-2021-36194
Multiple stack-based buffer overflows in the API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 up to and including 6.3.15 may allow an authenticated malicious user to achieve arbitrary code execution via specially crafted requests.
Fortinet Fortiweb
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb 6.4.1
578
VMScore
CVE-2021-41017
Multiple heap-based buffer overflow vulnerabilities in some web API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 up to and including 6.3.15 may allow a remote authenticated malicious user to execute arbitrary code or commands via specifically crafted HTTP requests.
Fortinet Fortiweb
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb 6.4.1
NA
CVE-2023-46713
An improper output neutralization for logs in Fortinet FortiWeb 6.2.0 - 6.2.8, 6.3.0 - 6.3.23, 7.0.0 - 7.0.9, 7.2.0 - 7.2.5 and 7.4.0 may allow an malicious user to forge traffic logs via a crafted URL of the web application.
Fortinet Fortiweb
Fortinet Fortiweb 7.4.0
NA
CVE-2023-23782
A heap-based buffer overflow in Fortinet FortiWeb version 7.0.0 up to and including 7.0.1, FortiWeb version 6.3.0 up to and including 6.3.19, FortiWeb 6.4 all versions, FortiWeb 6.2 all versions, FortiWeb 6.1 all versions allows malicious user to escalation of privilege via speci...
Fortinet Fortiweb
NA
CVE-2022-22297
An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiWeb version 6.4.0 up to and including 6.4.1, FortiWeb version 6.3.0 up to and including 6.3.17, FortiWeb all versions 6.2, FortiWeb all versions 6....
Fortinet Fortiweb
Fortinet Fortirecorder Firmware
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »