Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fortinet fortiweb vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2022-43955
An improper neutralization of input during web page generation [CWE-79] in the FortiWeb web interface 7.0.0 up to and including 7.0.3, 6.3.0 up to and including 6.3.21, 6.4 all versions, 6.2 all versions, 6.1 all versions and 6.0 all versions may allow an unauthenticated and remo...
Fortinet Fortiweb
6.1
CVSSv3
CVE-2019-5590
The URL part of the report message is not encoded in Fortinet FortiWeb 6.0.2 and below which may allow an malicious user to execute unauthorized code or commands (Cross Site Scripting) via attack reports generated in HTML form.
Fortinet Fortiweb
8.8
CVSSv3
CVE-2021-41018
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows malicious user to execute unauthorized code or commands via crafted HTTP requests.
Fortinet Fortiweb
6.5
CVSSv3
CVE-2021-41026
A relative path traversal in FortiWeb versions 6.4.1, 6.4.0, and 6.3.0 up to and including 6.3.15 may allow an authenticated malicious user to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.
Fortinet Fortiweb
6.1
CVSSv3
CVE-2012-6346
Multiple cross-site scripting (XSS) vulnerabilities in FortiWeb prior to 4.4.4 allow remote malicious users to inject arbitrary web script or HTML via the (1) redir or (2) mkey parameter to waf/pcre_expression/validate.
Fortinet Fortiweb
7.8
CVSSv3
CVE-2023-25602
A stack-based buffer overflow in Fortinet FortiWeb 6.4 all versions, FortiWeb versions 6.3.17 and previous versions, FortiWeb versions 6.2.6 and previous versions, FortiWeb versions 6.1.2 and previous versions, FortiWeb versions 6.0.7 and previous versions, FortiWeb versions 5.9....
Fortinet Fortiweb
4.9
CVSSv3
CVE-2016-5092
Directory traversal vulnerability in Fortinet FortiWeb prior to 5.5.3 allows remote authenticated administrators with read and write privileges to read arbitrary files by leveraging the autolearn feature.
Fortinet Fortiweb
8.8
CVSSv3
CVE-2021-36182
A Improper neutralization of special elements used in a command ('Command Injection') in Fortinet FortiWeb version 6.3.13 and below allows malicious user to execute unauthorized code or commands via crafted HTTP requests
Fortinet Fortiweb
6.1
CVSSv3
CVE-2021-36188
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows malicious user to execute unauthorized code or commands via crafted GET parameters in requests to login and error...
Fortinet Fortiweb
8.8
CVSSv3
CVE-2016-4066
Cross-site request forgery (CSRF) vulnerability in Fortinet FortiWeb prior to 5.5.3 allows remote malicious users to hijack the authentication of administrators for requests that change the password via unspecified vectors.
Fortinet Fortiweb
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »