Total: 30520 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-13380 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-10-25 | 4.7 Medium |
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below and Fortinet FortiProxy 2.0.0, 1.2.8 and below under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters. | ||||
CVE-2019-5586 | 1 Fortinet | 1 Fortios | 2024-10-25 | N/A |
A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.2.0 to 5.6.10, 6.0.0 to 6.0.4 under SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the "param" parameter of the error process HTTP requests. | ||||
CVE-2019-5588 | 1 Fortinet | 1 Fortios | 2024-10-25 | N/A |
A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4 under SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the "err" parameter of the error process HTTP requests. | ||||
CVE-2019-5594 | 1 Fortinet | 1 Fortinac | 2024-10-25 | N/A |
An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI. | ||||
CVE-2019-5590 | 1 Fortinet | 1 Fortiweb | 2024-10-25 | N/A |
The URL part of the report message is not encoded in Fortinet FortiWeb 6.0.2 and below which may allow an attacker to execute unauthorized code or commands (Cross Site Scripting) via attack reports generated in HTML form. | ||||
CVE-2019-16154 | 1 Fortinet | 1 Fortiauthenticator | 2024-10-25 | 6.1 Medium |
An improper neutralization of input during web page generation in FortiAuthenticator WEB UI 6.0.0 may allow an unauthenticated user to perform a cross-site scripting attack (XSS) via a parameter of the logon page. | ||||
CVE-2019-17651 | 1 Fortinet | 1 Fortisiem | 2024-10-25 | 5.4 Medium |
An Improper Neutralization of Input vulnerability in the description and title parameters of a Device Maintenance Schedule in FortiSIEM version 5.2.5 and below may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious JavaScript code into the description field of a Device Maintenance schedule. | ||||
CVE-2019-16156 | 1 Fortinet | 1 Fortiweb | 2024-10-25 | 6.1 Medium |
An Improper Neutralization of Input vulnerability in the Anomaly Detection Parameter Name in Fortinet FortiWeb 6.0.5, 6.2.0, and 6.1.1 may allow a remote unauthenticated attacker to perform a Cross Site Scripting attack (XSS). | ||||
CVE-2020-6643 | 1 Fortinet | 1 Fortiisolator | 2024-10-25 | 5.4 Medium |
An improper neutralization of input vulnerability in the URL Description in Fortinet FortiIsolator version 1.2.2 allows a remote authenticated attacker to perform a cross site scripting attack (XSS). | ||||
CVE-2019-6699 | 1 Fortinet | 1 Fortiadc | 2024-10-25 | 5.4 Medium |
An improper neutralization of input vulnerability in Fortinet FortiADC 5.3.3 and earlier may allow an attacker to execute a stored Cross Site Scripting (XSS) via a field in the traffic group interface. | ||||
CVE-2020-6646 | 1 Fortinet | 1 Fortiweb | 2024-10-25 | 5.4 Medium |
An improper neutralization of input vulnerability in FortiWeb allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the Disclaimer Description of a Replacement Message. | ||||
CVE-2020-6647 | 1 Fortinet | 1 Fortiadc Firmware | 2024-10-25 | 5.4 Medium |
An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross site scripting attack (XSS) via the name parameter. | ||||
CVE-2020-6640 | 1 Fortinet | 1 Fortianalyzer | 2024-10-25 | 5.4 Medium |
An improper neutralization of input vulnerability in the Admin Profile of FortiAnalyzer may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the Description Area. | ||||
CVE-2020-9288 | 1 Fortinet | 1 Fortiwlc | 2024-10-25 | 5.4 Medium |
An improper neutralization of input vulnerability in FortiWLC 8.5.1 allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the ESS profile or the Radius Profile. | ||||
CVE-2020-12816 | 1 Fortinet | 1 Fortinac | 2024-10-25 | 6.1 Medium |
An improper neutralization of input vulnerability in FortiNAC before 8.7.2 may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the UserID of Admin Users. | ||||
CVE-2020-12815 | 1 Fortinet | 2 Fortianalyzer, Fortitester | 2024-10-25 | 5.4 Medium |
An improper neutralization of input vulnerability in FortiTester before 3.9.0 may allow a remote authenticated attacker to inject script related HTML tags via IPv4/IPv6 address fields. | ||||
CVE-2020-12811 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-10-25 | 6.1 Medium |
An improper neutralization of script-related HTML tags in a web page in FortiManager 6.2.0, 6.2.1, 6.2.2, and 6.2.3 and FortiAnalyzer 6.2.0, 6.2.1, 6.2.2, and 6.2.3 may allow an attacker to execute a cross site scripting (XSS) via the Identify Provider name field. | ||||
CVE-2021-22122 | 1 Fortinet | 1 Fortiweb | 2024-10-25 | 6.1 Medium |
An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to perform a reflected cross site scripting attack (XSS) by injecting malicious payload in different vulnerable API end-points. | ||||
CVE-2020-15937 | 1 Fortinet | 1 Fortios | 2024-10-25 | 4.7 Medium |
An improper neutralization of input vulnerability in FortiGate version 6.2.x below 6.2.5 and 6.4.x below 6.4.1 may allow a remote attacker to perform a stored cross site scripting attack (XSS) via the IPS and WAF logs dashboard. | ||||
CVE-2024-37383 | 2 Debian, Roundcube | 2 Debian Linux, Webmail | 2024-10-25 | 6.1 Medium |
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes. |