Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fortios vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2020-15937
An improper neutralization of input vulnerability in FortiGate version 6.2.x below 6.2.5 and 6.4.x below 6.4.1 may allow a remote malicious user to perform a stored cross site scripting attack (XSS) via the IPS and WAF logs dashboard.
Fortinet Fortios
NA
CVE-2022-41328
A improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 up to and including 7.2.3, 7.0.0 up to and including 7.0.9 and prior to 6.4.11 allows a privileged malicious user to read and write ...
Fortinet Fortios
1 Github repository
3 Articles
NA
CVE-2022-41334
An improper neutralization of input during web page generation [CWE-79] vulnerability in FortiOS versions 7.0.0 to 7.0.7 and 7.2.0 to 7.2.3 may allow a remote, unauthenticated malicious user to launch a cross site scripting (XSS) attack via the "redir" parameter of the ...
Fortinet Fortios
4.3
CVSSv2
CVE-2018-9185
An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and below versions reveals user's web portal login credentials in a Javascript file sent to client-side when pages bookmarked in web portal use the Single Sign-On feature.
Fortinet Fortios
7.5
CVSSv2
CVE-2021-24012
An improper following of a certificate's chain of trust vulnerability in FortiGate versions 6.4.0 to 6.4.4 may allow an LDAP user to connect to SSLVPN with any certificate that is signed by a trusted Certificate Authority.
Fortinet Fortios
5
CVSSv2
CVE-2018-13379
An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticat...
Fortinet Fortios
2 EDB exploits
21 Github repositories
9 Articles
4.3
CVSSv2
CVE-2019-5586
A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.2.0 to 5.6.10, 6.0.0 to 6.0.4 under SSL VPN web portal may allow an malicious user to execute unauthorized malicious script code via the "param" parameter of the error process HTTP requests.
Fortinet Fortios
4
CVSSv2
CVE-2019-5587
Lack of root file system integrity checking in Fortinet FortiOS VM application images all versions below 6.0.5 may allow malicious user to implant malicious programs into the installing image by reassembling the image through specific methods.
Fortinet Fortios
4.3
CVSSv2
CVE-2019-5588
A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4 under SSL VPN web portal may allow an malicious user to execute unauthorized malicious script code via the "err" parameter of the error process HTTP requests.
Fortinet Fortios
3.3
CVSSv2
CVE-2019-5591
A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server.
Fortinet Fortios
1 Article
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »