Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fortinet fortimail vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2021-43062
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiMail version 7.0.1 and 7.0.0, version 6.4.5 and below, version 6.3.7 and below, version 6.0.11 and below allows malicious user to execute unauthorized code or command...
Fortinet Fortimail
6.1
CVSSv3
CVE-2017-7732
A reflected Cross-Site Scripting (XSS) vulnerability in Fortinet FortiMail 5.1 and previous versions, 5.2.0 up to and including 5.2.9, and 5.3.0 up to and including 5.3.9 customized pre-authentication webmail login page allows malicious user to inject arbitrary web script or HTML...
Fortinet Fortimail 4.1.0
Fortinet Fortimail 4.2.0
Fortinet Fortimail 5.0.10
Fortinet Fortimail 5.1
Fortinet Fortimail 5.2
Fortinet Fortimail 5.2.1
Fortinet Fortimail 5.2.2
Fortinet Fortimail 5.3.5
Fortinet Fortimail 5.3.6
Fortinet Fortimail 5.3.7
Fortinet Fortimail 5.3.8
Fortinet Fortimail 5.0.2
Fortinet Fortimail 5.0.3
Fortinet Fortimail 5.0.4
Fortinet Fortimail 5.0.5
Fortinet Fortimail 5.2.7
Fortinet Fortimail 5.2.8
Fortinet Fortimail 5.2.9
Fortinet Fortimail 5.3
Fortinet Fortimail 5.0
Fortinet Fortimail 5.0.1
Fortinet Fortimail 5.0.6
6.1
CVSSv3
CVE-2017-3125
An unauthenticated XSS vulnerability with FortiMail 5.0.0 - 5.2.9 and 5.3.0 - 5.3.8 could allow an malicious user to execute arbitrary scripts in the security context of the browser of a victim logged in FortiMail, assuming the victim is social engineered into clicking an URL cra...
Fortinet Fortimail 5.3.1
Fortinet Fortimail 5.3.3
Fortinet Fortimail 5.3.5
Fortinet Fortimail 5.2.1
Fortinet Fortimail 5.2.3
Fortinet Fortimail 5.1
Fortinet Fortimail 5.1.3
Fortinet Fortimail 5.0.6
Fortinet Fortimail 5.0.8
Fortinet Fortimail 5.0.10
Fortinet Fortimail 5.3
Fortinet Fortimail 5.2.5
Fortinet Fortimail 5.2.6
Fortinet Fortimail 5.2.7
Fortinet Fortimail 5.2.8
Fortinet Fortimail 5.3.2
Fortinet Fortimail 5.3.4
Fortinet Fortimail 5.2.2
Fortinet Fortimail 5.2.4
Fortinet Fortimail 5.2.9
Fortinet Fortimail 5.1.2
Fortinet Fortimail 5.0.7
5.4
CVSSv3
CVE-2023-36633
An improper authorization vulnerability [CWE-285] in FortiMail webmail version 7.2.0 up to and including 7.2.2 and prior to 7.0.5 allows an authenticated malicious user to see and modify the title of address book folders of other users via crafted HTTP or HTTPs requests.
Fortinet Fortimail
5.4
CVSSv3
CVE-2023-36637
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiMail version 7.2.0 up to and including 7.2.2 and prior to 7.0.5 allows an authenticated malicious user to inject HTML tags in FortiMail's calendar via input fields.
Fortinet Fortimail 7.2.0
Fortinet Fortimail 7.2.1
Fortinet Fortimail 7.2.2
Fortinet Fortimail
5.3
CVSSv3
CVE-2022-29056
A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiMail version 6.4.0, version 6.2.0 up to and including 6.2.4 and prior to 6.0.9 allows a remote unauthenticated malicious user to partially exhaust CPU and memory via sending numer...
Fortinet Fortimail 6.4.0
Fortinet Fortimail
5.3
CVSSv3
CVE-2020-15933
A exposure of sensitive information to an unauthorized actor in Fortinet FortiMail versions 6.0.9 and below, FortiMail versions 6.2.4 and below FortiMail versions 6.4.1 and 6.4.0 allows malicious user to obtain potentially sensitive software-version information via client-side re...
Fortinet Fortimail
Fortinet Fortimail 6.2.0
Fortinet Fortimail 6.2.1
Fortinet Fortimail 6.2.2
Fortinet Fortimail 6.2.3
Fortinet Fortimail 6.2.4
Fortinet Fortimail 6.4.0
Fortinet Fortimail 6.4.1
5.3
CVSSv3
CVE-2021-32591
A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox prior to 4.0.1, FortiWeb prior to 6.3.12, FortiADC prior to 6.2.1, FortiMail 7.0.1 and previous versions may allow an attacker in possession of the pa...
Fortinet Fortimail
Fortinet Fortisandbox
Fortinet Fortiadc
Fortinet Fortiweb 5.9.0
Fortinet Fortiweb 5.9.1
Fortinet Fortiweb
Fortinet Fortimail 7.0.1
Fortinet Fortiadc 6.2.0
Fortinet Fortisandbox 4.0.0
Fortinet Fortiadc 6.2.1
Fortinet Fortimail 7.0.0
4.9
CVSSv3
CVE-2021-26099
Missing cryptographic steps in the Identity-Based Encryption service of FortiMail prior to 7.0.0 may allow an attacker who comes in possession of the encrypted master keys to compromise their confidentiality by observing a few invariant properties of the ciphertext.
Fortinet Fortimail
4.9
CVSSv3
CVE-2019-15707
An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to perform system backup config download they should not be authorized for.
Fortinet Fortimail
Fortinet Fortimail 6.2.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »