Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fortinet fortiweb vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-23777
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.18 and below may allow a privileged malicious user to execute arbitrary bash commands ...
Fortinet Fortiweb 7.0.0
Fortinet Fortiweb 7.0.1
Fortinet Fortiweb
383
VMScore
CVE-2021-43063
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows malicious user to execute unauthorized code or commands via crafted HTTP GET req...
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb
Fortinet Fortiweb 6.4.1
516
VMScore
CVE-2021-43064
A url redirection to untrusted site ('open redirect') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows malicious user to use the device as a proxy and reach external or protected hosts via redirection handlers.
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb
Fortinet Fortiweb 6.4.1
578
VMScore
CVE-2021-43071
A heap-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows malicious user to execute unauthorized code or commands via crafted HTTP requests to the LogReport API controller.
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb 6.4.1
Fortinet Fortiweb
NA
CVE-2023-33305
A loop with unreachable exit condition ('infinite loop') in Fortinet FortiOS version 7.2.0 up to and including 7.2.4, FortiOS version 7.0.0 up to and including 7.0.10, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiProxy version 7.2.0...
Fortinet Fortiproxy
Fortinet Fortios
Fortinet Fortiweb
Fortinet Fortiweb 7.2.0
Fortinet Fortiweb 7.2.1
383
VMScore
CVE-2019-16156
An Improper Neutralization of Input vulnerability in the Anomaly Detection Parameter Name in Fortinet FortiWeb 6.0.5, 6.2.0, and 6.1.1 may allow a remote unauthenticated malicious user to perform a Cross Site Scripting attack (XSS).
Fortinet Fortiweb 6.2.0
Fortinet Fortiweb
312
VMScore
CVE-2017-7736
A stored Cross-site Scripting (XSS) vulnerability in Fortinet FortiWeb webUI Certificate View page in 5.8.0, 5.7.1 and previous versions, allows malicious users to inject arbitrary web script or HTML via special crafted malicious certificate import.
Fortinet Fortiweb
Fortinet Fortiweb 5.8.0
668
VMScore
CVE-2021-36186
A stack-based buffer overflow in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows malicious user to execute unauthorized code or commands via crafted HTTP requests
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb
445
VMScore
CVE-2021-36187
A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows malicious user to cause a denial of service for webserver daemon via crafted HTTP requests
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb
312
VMScore
CVE-2020-6646
An improper neutralization of input vulnerability in FortiWeb allows a remote authenticated malicious user to perform a stored cross site scripting attack (XSS) via the Disclaimer Description of a Replacement Message.
Fortinet Fortiweb 6.3.0
Fortinet Fortiweb
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
CVE-2012-1823
memory leak
CVE-2024-0627
CVE-2024-31402
privilege escalation
CVE-2024-36418
remote code execution
CVE-2024-27844
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »