Filtered by vendor Fortinet Subscriptions
Filtered by product Fortiweb Subscriptions
Total 84 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2014-1458 1 Fortinet 1 Fortiweb 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the web administration interface in FortiGuard FortiWeb 5.0.3 and earlier allows remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-7181 1 Fortinet 1 Fortiweb 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in user/ldap_user/add in Fortinet FortiOS 5.0.3 allows remote attackers to inject arbitrary web script or HTML via the filter parameter.
CVE-2012-6346 1 Fortinet 1 Fortiweb 2024-11-21 N/A
Multiple cross-site scripting (XSS) vulnerabilities in FortiWeb before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) redir or (2) mkey parameter to waf/pcre_expression/validate.
CVE-2024-36509 1 Fortinet 1 Fortiweb 2024-11-14 3.8 Low
An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiWeb version 7.6.0, version 7.4.3 and below, version 7.2.10 and below, version 7.0.10 and below, version 6.3.23 and below may allow an authenticated attacker to access the encrypted passwords of other administrators via the "Log Access Event" logs page.