The URL part of the report message is not encoded in Fortinet FortiWeb 6.0.2 and below, which may allow an attacker to execute unauthorized code or commands (Cross Site Scripting) via attack reports generated in HTML form.
An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webU...
/usr/sbin/default.sh and /usr/apache/htdocs/cgi-bin/admin/hardfactorydefault.cgi on Dynacolor FCM-MB40 v22.214.171.124 devices implement an incomplete factory-reset process. A backdoor can persist because neither system accounts nor the set of services is r...
Dynacolor FCM-MB40 v126.96.36.199 devices have CSRF in all scripts under cgi-bin/.
Dynacolor FCM-MB40 v188.8.131.52 devices use /etc/appWeb/appweb.pass to store administrative web-interface credentials in cleartext. These credentials can be retrieved via cgi-bin/getuserinfo.cgi?mode=info.
Dynacolor FCM-MB40 v184.108.40.206 devices have a hard-coded SSL/TLS key that is used during an administrator's SSL conversation.
Dynacolor FCM-MB40 v220.127.116.11 devices allow remote attackers to execute arbitrary commands via a crafted parameter to a CGI script, as demonstrated by sed injection in cgi-bin/camctrl_save_profile.cgi (save parameter) and cgi-bin/ddns.cgi.
A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4 under SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the "err" parameter of the error process HTTP requests.