Total
105 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-16157 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information exposure vulnerability in Fortinet FortiWeb 6.2.0 CLI and earlier may allow an authenticated user to view sensitive information being logged via diagnose debug commands. | |||||
| CVE-2019-16156 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An Improper Neutralization of Input vulnerability in the Anomaly Detection Parameter Name in Fortinet FortiWeb 6.0.5, 6.2.0, and 6.1.1 may allow a remote unauthenticated attacker to perform a Cross Site Scripting attack (XSS). | |||||
| CVE-2017-14191 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| An Improper Access Control vulnerability in Fortinet FortiWeb 5.6.0 up to but not including 6.1.0 under "Signed Security Mode", allows attacker to bypass the signed user cookie protection by removing the FortiWeb own protection session cookie. | |||||
| CVE-2012-6346 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in FortiWeb before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) redir or (2) mkey parameter to waf/pcre_expression/validate. | |||||
| CVE-2024-36509 | 1 Fortinet | 1 Fortiweb | 2024-11-14 | N/A | 4.4 MEDIUM |
| An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiWeb version 7.6.0, version 7.4.3 and below, version 7.2.10 and below, version 7.0.10 and below, version 6.3.23 and below may allow an authenticated attacker to access the encrypted passwords of other administrators via the "Log Access Event" logs page. | |||||