Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fortinet fortiweb vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-8619
Cross-site scripting (XSS) vulnerability in the autolearn configuration page in Fortinet FortiWeb 5.1.2 up to and including 5.3.4 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Fortinet Fortiweb 5.2.2
Fortinet Fortiweb 5.2.3
Fortinet Fortiweb 5.1.2
Fortinet Fortiweb 5.2.4
Fortinet Fortiweb 5.3.0
Fortinet Fortiweb 5.2.0
Fortinet Fortiweb 5.2.1
Fortinet Fortiweb 5.3.3
Fortinet Fortiweb 5.3.4
Fortinet Fortiweb 5.1.3
Fortinet Fortiweb 5.1.4
Fortinet Fortiweb 5.3.1
Fortinet Fortiweb 5.3.2
NA
CVE-2014-4738
Multiple cross-site scripting (XSS) vulnerabilities in FortiGuard FortiWeb 5.0.x, 5.1.x, and 5.2.x prior to 5.2.1 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors to (1) user/ldap_user/check_dlg or (2) user/radius_user/check_dlg.
Fortinet Fortiweb 5.0.2
Fortinet Fortiweb 5.0.3
Fortinet Fortiweb 5.1.1
Fortinet Fortiweb 5.1.2
Fortinet Fortiweb 5.0.4
Fortinet Fortiweb 5.0.0
Fortinet Fortiweb 5.1.0
Fortinet Fortiweb 5.2.0
Fortinet Fortiweb 5.1.3
Fortinet Fortiweb 5.1.4
9.8
CVSSv3
CVE-2021-41025
Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 up to and including 6.3.15, 6.2.0 up to and including 6.2.6, 6.1.0 up to and including 6.1.2, 6.0.0 thorugh 6.0.7, including an instance of concurrent execution using shared...
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb
Fortinet Fortiweb 6.4.1
Fortinet Fortiweb 6.1.0
Fortinet Fortiweb 6.1.1
Fortinet Fortiweb 6.1.2
Fortinet Fortiweb 6.4.2
5.4
CVSSv3
CVE-2022-42471
An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] In FortiWeb version 7.0.0 up to and including 7.0.2, FortiWeb version 6.4.0 up to and including 6.4.2, FortiWeb version 6.3.6 up to and including 6.3.20 may ...
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb 6.4.1
Fortinet Fortiweb 6.4.2
Fortinet Fortiweb 7.0.0
Fortinet Fortiweb 7.0.1
Fortinet Fortiweb 7.0.2
Fortinet Fortiweb
8.8
CVSSv3
CVE-2021-36180
Multiple improper neutralization of special elements used in a command vulnerabilities [CWE-77] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.5 and below may allow an authenticated malicious user to execute unauthorized code or commands via crafted param...
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb
Fortinet Fortiweb 6.4.1
Fortinet Fortiweb 5.9.0
Fortinet Fortiweb 5.9.1
Fortinet Fortiweb 6.1.0
Fortinet Fortiweb 6.1.1
7.5
CVSSv3
CVE-2021-41014
A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated malicious user to make the httpsd daemon unresponsive via huge HTTP packets
Fortinet Fortiweb
Fortinet Fortiweb 6.1.0
Fortinet Fortiweb 6.1.1
Fortinet Fortiweb 6.1.2
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb 6.4.1
8.8
CVSSv3
CVE-2022-30306
A stack-based buffer overflow vulnerability [CWE-121] in the CA sign functionality of FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below may allow an authenticated malicious user to achieve arbitrary code execution via specifically crafted password.
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb 6.4.1
Fortinet Fortiweb 6.4.2
Fortinet Fortiweb 7.0.0
Fortinet Fortiweb 7.0.1
Fortinet Fortiweb
7.2
CVSSv3
CVE-2022-33871
A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb version 7.0.1 and previous versions, 6.4 all versions, version 6.3.19 and previous versions may allow a privileged malicious user to execute arbitrary code or commands via specifically crafted CLI `execute backup-l...
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb 6.4.1
Fortinet Fortiweb 6.4.2
Fortinet Fortiweb 7.0.0
Fortinet Fortiweb 7.0.1
Fortinet Fortiweb
6.3
CVSSv3
CVE-2021-36190
A unintended proxy or intermediary ('confused deputy') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated malicious user to access protected hosts via crafted HTTP requests.
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb
Fortinet Fortiweb 6.4.1
Fortinet Fortiweb 6.1.0
Fortinet Fortiweb 6.1.1
Fortinet Fortiweb 6.1.2
5.4
CVSSv3
CVE-2021-36191
A url redirection to untrusted site ('open redirect') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows malicious user to use the device as proxy via crafted GET parameters in requests to error handlers
Fortinet Fortiweb
Fortinet Fortiweb 6.1.0
Fortinet Fortiweb 6.1.1
Fortinet Fortiweb 6.1.2
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb 6.4.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
firewall
CVE-2024-35649
stored XSS
CVE-2022-28654
CVE-2020-35153
CVE-2024-27348
CVE-2022-28652
local users
CVE-2017-3506
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »