Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fortinet fortiweb vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2020-6646
An improper neutralization of input vulnerability in FortiWeb allows a remote authenticated malicious user to perform a stored cross site scripting attack (XSS) via the Disclaimer Description of a Replacement Message.
Fortinet Fortiweb
Fortinet Fortiweb 6.3.0
312
VMScore
CVE-2015-3612
A Cross-site Scripting (XSS) vulnerability exists in FortiManager 5.2.1 and previous versions and 5.0.10 and previous versions via an unspecified parameter in the FortiWeb auto update service page.
Fortinet Fortimanager
312
VMScore
CVE-2017-7736
A stored Cross-site Scripting (XSS) vulnerability in Fortinet FortiWeb webUI Certificate View page in 5.8.0, 5.7.1 and previous versions, allows malicious users to inject arbitrary web script or HTML via special crafted malicious certificate import.
Fortinet Fortiweb
Fortinet Fortiweb 5.8.0
312
VMScore
CVE-2014-1458
Cross-site scripting (XSS) vulnerability in the web administration interface in FortiGuard FortiWeb 5.0.3 and previous versions allows remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors.
Fortinet Fortiweb
231
VMScore
CVE-2021-32591
A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox prior to 4.0.1, FortiWeb prior to 6.3.12, FortiADC prior to 6.2.1, FortiMail 7.0.1 and previous versions may allow an attacker in possession of the pa...
Fortinet Fortimail
Fortinet Fortisandbox
Fortinet Fortiadc
Fortinet Fortiweb 5.9.0
Fortinet Fortiweb 5.9.1
Fortinet Fortiweb
Fortinet Fortimail 7.0.1
Fortinet Fortiadc 6.2.0
Fortinet Fortisandbox 4.0.0
Fortinet Fortiadc 6.2.1
Fortinet Fortimail 7.0.0
NA
CVE-2023-46713
An improper output neutralization for logs in Fortinet FortiWeb 6.2.0 - 6.2.8, 6.3.0 - 6.3.23, 7.0.0 - 7.0.9, 7.2.0 - 7.2.5 and 7.4.0 may allow an malicious user to forge traffic logs via a crafted URL of the web application.
Fortinet Fortiweb
Fortinet Fortiweb 7.4.0
NA
CVE-2023-34984
A protection mechanism failure in Fortinet FortiWeb 7.2.0 up to and including 7.2.1, 7.0.0 up to and including 7.0.6, 6.4.0 up to and including 6.4.3, 6.3.6 up to and including 6.3.23 allows malicious user to execute unauthorized code or commands via specially crafted HTTP reques...
Fortinet Fortiweb
NA
CVE-2023-23777
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.18 and below may allow a privileged malicious user to execute arbitrary bash commands ...
Fortinet Fortiweb 7.0.0
Fortinet Fortiweb 7.0.1
Fortinet Fortiweb
NA
CVE-2023-33305
A loop with unreachable exit condition ('infinite loop') in Fortinet FortiOS version 7.2.0 up to and including 7.2.4, FortiOS version 7.0.0 up to and including 7.0.10, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiProxy version 7.2.0...
Fortinet Fortiproxy
Fortinet Fortios
Fortinet Fortiweb
Fortinet Fortiweb 7.2.0
Fortinet Fortiweb 7.2.1
NA
CVE-2022-43948
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 7.0.0 up to and including 7.0.3, FortiADC version 7.1.0 up to and including 7.1.1, FortiADC version 7.0.0 up to and including 7.0.3, FortiADC 6.2 al...
Fortinet Fortiweb
Fortinet Fortiadc
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »