Total
30726 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-5590 | 1 Fortinet | 1 Fortiweb | 2024-10-25 | N/A |
The URL part of the report message is not encoded in Fortinet FortiWeb 6.0.2 and below which may allow an attacker to execute unauthorized code or commands (Cross Site Scripting) via attack reports generated in HTML form. | ||||
CVE-2019-16154 | 1 Fortinet | 1 Fortiauthenticator | 2024-10-25 | 6.1 Medium |
An improper neutralization of input during web page generation in FortiAuthenticator WEB UI 6.0.0 may allow an unauthenticated user to perform a cross-site scripting attack (XSS) via a parameter of the logon page. | ||||
CVE-2019-17651 | 1 Fortinet | 1 Fortisiem | 2024-10-25 | 5.4 Medium |
An Improper Neutralization of Input vulnerability in the description and title parameters of a Device Maintenance Schedule in FortiSIEM version 5.2.5 and below may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious JavaScript code into the description field of a Device Maintenance schedule. | ||||
CVE-2019-16156 | 1 Fortinet | 1 Fortiweb | 2024-10-25 | 6.1 Medium |
An Improper Neutralization of Input vulnerability in the Anomaly Detection Parameter Name in Fortinet FortiWeb 6.0.5, 6.2.0, and 6.1.1 may allow a remote unauthenticated attacker to perform a Cross Site Scripting attack (XSS). | ||||
CVE-2020-6643 | 1 Fortinet | 1 Fortiisolator | 2024-10-25 | 5.4 Medium |
An improper neutralization of input vulnerability in the URL Description in Fortinet FortiIsolator version 1.2.2 allows a remote authenticated attacker to perform a cross site scripting attack (XSS). | ||||
CVE-2019-6699 | 1 Fortinet | 1 Fortiadc | 2024-10-25 | 5.4 Medium |
An improper neutralization of input vulnerability in Fortinet FortiADC 5.3.3 and earlier may allow an attacker to execute a stored Cross Site Scripting (XSS) via a field in the traffic group interface. | ||||
CVE-2020-6646 | 1 Fortinet | 1 Fortiweb | 2024-10-25 | 5.4 Medium |
An improper neutralization of input vulnerability in FortiWeb allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the Disclaimer Description of a Replacement Message. | ||||
CVE-2020-6647 | 1 Fortinet | 1 Fortiadc Firmware | 2024-10-25 | 5.4 Medium |
An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross site scripting attack (XSS) via the name parameter. | ||||
CVE-2020-6640 | 1 Fortinet | 1 Fortianalyzer | 2024-10-25 | 5.4 Medium |
An improper neutralization of input vulnerability in the Admin Profile of FortiAnalyzer may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the Description Area. | ||||
CVE-2020-9288 | 1 Fortinet | 1 Fortiwlc | 2024-10-25 | 5.4 Medium |
An improper neutralization of input vulnerability in FortiWLC 8.5.1 allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the ESS profile or the Radius Profile. | ||||
CVE-2020-12816 | 1 Fortinet | 1 Fortinac | 2024-10-25 | 6.1 Medium |
An improper neutralization of input vulnerability in FortiNAC before 8.7.2 may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the UserID of Admin Users. | ||||
CVE-2020-12815 | 1 Fortinet | 2 Fortianalyzer, Fortitester | 2024-10-25 | 5.4 Medium |
An improper neutralization of input vulnerability in FortiTester before 3.9.0 may allow a remote authenticated attacker to inject script related HTML tags via IPv4/IPv6 address fields. | ||||
CVE-2020-12811 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-10-25 | 6.1 Medium |
An improper neutralization of script-related HTML tags in a web page in FortiManager 6.2.0, 6.2.1, 6.2.2, and 6.2.3and FortiAnalyzer 6.2.0, 6.2.1, 6.2.2, and 6.2.3 may allow an attacker to execute a cross site scripting (XSS) via the Identify Provider name field. | ||||
CVE-2021-22122 | 1 Fortinet | 1 Fortiweb | 2024-10-25 | 6.1 Medium |
An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to perform a reflected cross site scripting attack (XSS) by injecting malicious payload in different vulnerable API end-points. | ||||
CVE-2020-15937 | 1 Fortinet | 1 Fortios | 2024-10-25 | 4.7 Medium |
An improper neutralization of input vulnerability in FortiGate version 6.2.x below 6.2.5 and 6.4.x below 6.4.1 may allow a remote attacker to perform a stored cross site scripting attack (XSS) via the IPS and WAF logs dashboard. | ||||
CVE-2024-37383 | 2 Debian, Roundcube | 2 Debian Linux, Webmail | 2024-10-25 | 6.1 Medium |
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes. | ||||
CVE-2021-24014 | 1 Fortinet | 1 Fortisandbox | 2024-10-25 | 5.4 Medium |
Multiple instances of improper neutralization of input during web page generation vulnerabilities in FortiSandbox before 4.0.0 may allow an unauthenticated attacker to perform an XSS attack via specifically crafted request parameters. | ||||
CVE-2021-32597 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-10-25 | 4.6 Medium |
Multiple improper neutralization of input during web page generation (CWE-79) in FortiManager and FortiAnalyzer versions 7.0.0, 6.4.5 and below, 6.2.7 and below user interface, may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious payload in GET parameters. | ||||
CVE-2021-32602 | 1 Fortinet | 1 Fortiportal | 2024-10-25 | 5.8 Medium |
An improper neutralization of input during web page generation vulnerability (CWE-79) in FortiPortal GUI 6.0.4 and below, 5.3.6 and below, 5.2.6 and below, 5.1.2 and below, 5.0.3 and below, 4.2.2 and below, 4.1.2 and below, 4.0.4 and below may allow a remote and unauthenticated attacker to perform an XSS attack via sending a crafted request with an invalid lang parameter or with an invalid org.springframework.web.servlet.i18n.CookieLocaleResolver.LOCALE value. | ||||
CVE-2021-36175 | 1 Fortinet | 1 Fortiweb | 2024-10-25 | 4.1 Medium |
An improper neutralization of input vulnerability [CWE-79] in FortiWebManager versions 6.2.3 and below, 6.0.2 and below may allow a remote authenticated attacker to inject malicious script/tags via the name/description/comments parameter of various sections of the device. |