Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fortiweb
(Fortinet)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 87 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2014-05-08 | CVE-2014-3115 | Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Fortinet FortiWeb before 5.2.0 allow remote attackers to hijack the authentication of administrators via system/config/adminadd and other unspecified vectors. | Fortiweb | N/A | ||
| 2014-04-30 | CVE-2014-1957 | FortiGuard FortiWeb before 5.0.3 allows remote authenticated users to gain privileges via unspecified vectors. | Fortiweb | N/A | ||
| 2014-04-30 | CVE-2014-1956 | CRLF injection vulnerability in FortiGuard FortiWeb before 5.0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | Fortiweb | N/A | ||
| 2014-04-30 | CVE-2014-1955 | Cross-site scripting (XSS) vulnerability in FortiGuard FortiWeb before 5.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Fortiweb | N/A | ||
| 2014-02-04 | CVE-2014-1458 | Cross-site scripting (XSS) vulnerability in the web administration interface in FortiGuard FortiWeb 5.0.3 and earlier allows remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors. | Fortiweb | N/A | ||
| 2014-02-04 | CVE-2013-7181 | Cross-site scripting (XSS) vulnerability in user/ldap_user/add in Fortinet FortiOS 5.0.3 allows remote attackers to inject arbitrary web script or HTML via the filter parameter. | Fortiweb | N/A | ||
| 2018-02-09 | CVE-2012-6346 | Multiple cross-site scripting (XSS) vulnerabilities in FortiWeb before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) redir or (2) mkey parameter to waf/pcre_expression/validate. | Fortiweb | 6.1 |