Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fortios vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2022-23438
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in FortiOS version 7.0.5 and prior and 6.4.9 and prior may allow an unauthenticated remote malicious user to perform a reflected cross site scripting (XSS) att...
Fortinet Fortios
4.3
CVSSv3
CVE-2022-23442
An improper access control vulnerability [CWE-284] in FortiOS versions 6.2.0 up to and including 6.2.11, 6.4.0 up to and including 6.4.8 and 7.0.0 up to and including 7.0.5 may allow an authenticated attacker with a restricted user profile to gather the checksum information about...
Fortinet Fortios
NA
CVE-2015-3626
Cross-site scripting (XSS) vulnerability in the DHCP Monitor page in the Web User Interface (WebUI) in Fortinet FortiOS prior to 5.2.4 on FortiGate devices allows remote malicious users to inject arbitrary web script or HTML via a crafted hostname.
Fortinet Fortios
6.1
CVSSv3
CVE-2019-5588
A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4 under SSL VPN web portal may allow an malicious user to execute unauthorized malicious script code via the "err" parameter of the error process HTTP requests.
Fortinet Fortios
6.1
CVSSv3
CVE-2017-3132
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and previous versions allows malicious users to Execute unauthorized code or commands via the action input during the activation of a FortiToken.
Fortinet Fortios
1 EDB exploit
6.1
CVSSv3
CVE-2019-5586
A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.2.0 to 5.6.10, 6.0.0 to 6.0.4 under SSL VPN web portal may allow an malicious user to execute unauthorized malicious script code via the "param" parameter of the error process HTTP requests.
Fortinet Fortios
6.5
CVSSv3
CVE-2019-5587
Lack of root file system integrity checking in Fortinet FortiOS VM application images all versions below 6.0.5 may allow malicious user to implant malicious programs into the installing image by reassembling the image through specific methods.
Fortinet Fortios
6.5
CVSSv3
CVE-2019-5591
A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server.
Fortinet Fortios
1 Article
7.2
CVSSv3
CVE-2017-7738
An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web portal session info which may contains user credentials through the fnsysctl CLI comm...
Fortinet Fortios
7.8
CVSSv3
CVE-2021-44168
A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS prior to 7.0.3 may allow a local authenticated malicious user to download arbitrary files on the device via specially crafted update packages.
Fortinet Fortios
2 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »