Filtered by vendor Fortinet
Subscriptions
Filtered by product Fortiweb
Subscriptions
Total
84 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2014-1458 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in the web administration interface in FortiGuard FortiWeb 5.0.3 and earlier allows remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2013-7181 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in user/ldap_user/add in Fortinet FortiOS 5.0.3 allows remote attackers to inject arbitrary web script or HTML via the filter parameter. | ||||
CVE-2012-6346 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in FortiWeb before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) redir or (2) mkey parameter to waf/pcre_expression/validate. | ||||
CVE-2024-36509 | 1 Fortinet | 1 Fortiweb | 2024-11-14 | 3.8 Low |
An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiWeb version 7.6.0, version 7.4.3 and below, version 7.2.10 and below, version 7.0.10 and below, version 6.3.23 and below may allow an authenticated attacker to access the encrypted passwords of other administrators via the "Log Access Event" logs page. |