Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Fortinet Subscribe
Filtered by product Fortiweb

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 8 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-4738 1 Fortinet 1 Fortiweb 2017-08-29 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in FortiGuard FortiWeb 5.0.x, 5.1.x, and 5.2.x before 5.2.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) user/ldap_user/check_dlg or (2) user/radius_user/check_dlg.
CVE-2014-1458 1 Fortinet 1 Fortiweb 2017-08-29 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the web administration interface in FortiGuard FortiWeb 5.0.3 and earlier allows remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-8619 1 Fortinet 1 Fortiweb 2017-01-03 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the autolearn configuration page in Fortinet FortiWeb 5.1.2 through 5.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-3115 1 Fortinet 1 Fortiweb 2015-08-01 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Fortinet FortiWeb before 5.2.0 allow remote attackers to hijack the authentication of administrators via system/config/adminadd and other unspecified vectors.
CVE-2013-7181 1 Fortinet 1 Fortiweb 2015-07-27 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in user/ldap_user/add in Fortinet FortiOS 5.0.3 allows remote attackers to inject arbitrary web script or HTML via the filter parameter.
CVE-2014-1956 1 Fortinet 1 Fortiweb 2014-07-18 5.0 MEDIUM N/A
CRLF injection vulnerability in FortiGuard FortiWeb before 5.0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
CVE-2014-1955 1 Fortinet 1 Fortiweb 2014-07-18 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in FortiGuard FortiWeb before 5.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-1957 1 Fortinet 1 Fortiweb 2014-07-18 6.5 MEDIUM N/A
FortiGuard FortiWeb before 5.0.3 allows remote authenticated users to gain privileges via unspecified vectors.