2965 matches found
CVE-2017-7739
A reflected Cross-site Scripting (XSS) vulnerability in web proxy disclaimer response web pages in Fortinet FortiOS 5.6.0, 5.4.0 to 5.4.5, 5.2.0 to 5.2.11 allows an unauthenticated attacker to inject arbitrary web script or HTML in the context of the victim's browser via sending a maliciously craft...
CVE-2017-7739
CVE-2017-7739 (Fortinet FortiOS): A reflected XSS vulnerability in the web proxy disclaimer response page allows an unauthenticated attacker to inject arbitrary script/HTML by sending a malicious URL. The underlying issue is flawed input validation on the disclaimer page. Affected FortiOS version...
Fortinet FortiOS Cross-Site Scripting Vulnerability (CNVD-2017-33750)
Fortinet FortiOS is a security operating system developed by the U.S. company Fortinet for the FortiGate network security platform. The system provides users with firewall, antivirus, IPSec/SSL VPN, Web content filtering, anti-spam and other security features. A cross-site scripti...
FortiOS SSL Deep-Inspection possible Insecure Renegotiation
FortiOS SSL Deep-Inspection may enable insecure renegotiation between TLS clients and servers that support secure renegotiation, opening the door to potential Man-in-the-Middle attacks (CVE-2009-3555) against the TLS connection, where an attacker could inject arbitrary data in the connection withou...
FortiOS Reflected XSS in Web Proxy Disclaimer Response web page
A reflected XSS vulnerability exists in FortiOS web proxy disclaimer response web pages, potentially exploitable by an unauthenticated attacker, via sending a maliciously crafted URL to the victim. The victim visiting the malicious URL would then have arbitrary JavaScript code executed in the...
Fortinet FortiOS 5.4.x < 5.4.6 Denial of Service (FG-IR-17-206)
The version of Fortinet FortiOS running on the remote device is 5.4 prior to 5.4.6. It is, therefore, affected by a Denial of Service (DoS) vulnerability in the FortiOS webUI. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(104352); script_version("1.7");...
Fortinet FortiOS 5.4.x < 5.4.6 / 5.6.x < 5.6.1 XSS (FG-IR-17-113)
The version of Fortinet FortiOS running on the remote device is 5.4 prior to 5.4.6 or 5.6 prior to 5.6.1. It is, therefore, affected by a cross-site scripting (XSS) vulnerability in the FortiOS web GUI 'Login Disclaimer' redir parameter. (C) Tenable Network Security, Inc. include("compat.inc"); if...
Fortinet FortiOS Denial of Service Vulnerability (CNVD-2017-35607)
FortiOS is an intuitive operating system that lets you control all security and networking features of all FortiGates throughout your network. A denial of service vulnerability exists in Fortinet FortiOS. A remote authenticated user can cause the target web interface to be temporarily unavailable...
Fortinet FortiOS Cross-Site Scripting Vulnerability (CNVD-2017-36080)
Fortinet FortiOS is a security operating system developed by the U.S. company Fortinet for the FortiGate network security platform. The system provides users with firewall, antivirus, IPSec/SSL VPN, Web content filtering, anti-spam and other security features. A cross-site...
CVE-2017-7733
A Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 and 5.6.0 allows a remote unauthenticated attacker to execute arbitrary JavaScript code via webUI "Login Disclaimer" redir parameter...
CVE-2017-14182
A Denial of Service (DoS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 allows an authenticated user to cause the web GUI to be temporarily unresponsive, via passing a specially crafted payload to the 'params' parameter of the JSON web API...
Denial of service
A Denial of Service (DoS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 allows an authenticated user to cause the web GUI to be temporarily unresponsive, via passing a specially crafted payload to the 'params' parameter of the JSON web API...
Cross site scripting
A Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 and 5.6.0 allows a remote unauthenticated attacker to execute arbitrary JavaScript code via webUI "Login Disclaimer" redir parameter...
CVE-2017-7733
Fortinet FortiOS 5.4.x before 5.4.6 and 5.6.x before 5.6.1 contain a cross-site scripting (XSS) vulnerability in the web GUI Login Disclaimer redir parameter. The issue allows a remote unauthenticated attacker to execute arbitrary JavaScript in the victim’s browser. Root cause is input handling i...
CVE-2017-14182
CVE-2017-14182 involves Fortinet FortiOS (version 5.4.0 to 5.4.5) where an authenticated user can trigger a DoS by sending a crafted payload to the JSON web API’s params parameter, making the FortiOS web UI temporarily unresponsive. The issue is tied to the FortiOS web UI (URLs under /json) and i...