5903 matches found
Fortinet Fortiweb 5.0.3 contains a reflected cross-site scripting vulnerability
Overview Fortinet Fortiweb 5.0.3, and possibly earlier versions, contains a cross-site scripting vulnerability. CWE-79 Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' Fortinet Fortiweb 5.0.3, and possibly earlier versions, contains a cross-si...
Fortinet FortiOS 5.0.5 contains a reflected cross-site scripting (XSS) vulnerability
Overview Fortinet FortiOS 5.0.5, and possibly earlier versions, contains a cross-site scripting vulnerability. CWE-79 Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' Fortinet FortiOS 5.0.5, and possibly earlier versions, contains a cross-site...
CVE-2013-6826
cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrftoken parameter, which allows remote attackers to perform cross-site request forgery CSRF attacks...
Cross site request forgery (csrf)
cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrftoken parameter, which allows remote attackers to perform cross-site request forgery CSRF attacks...
CVE-2013-6826
Fortinet FortiAnalyzer (pre-5.0.5) is affected by CVE-2013-6826 due to improper validation of the csrf_token parameter, enabling cross-site request forgery via multiple web UI scripts. The underlying issue is lack of CSRF protection in SYSAdminUserDialog paths, leading to potential session hijack...
Fortinet FortiAnalyzer - Cross-Site Request Forgery
source: https://www.securityfocus.com/bid/63663/info FortiAnalyzer is prone to a cross-site request-forgery vulnerability because it fails to properly validate HTTP requests. Exploiting this issue may allow a remote attacker to perform certain unauthorized administrative actions in the context of...
CVE-2013-1414
Multiple cross-site request forgery CSRF vulnerabilities in Fortinet FortiOS on FortiGate firewall devices before 4.3.13 and 5.x before 5.0.2 allow remote attackers to hijack the authentication of administrators for requests that modify 1 settings or 2 policies, or 3 restart the device via a...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in Fortinet FortiOS on FortiGate firewall devices before 4.3.13 and 5.x before 5.0.2 allow remote attackers to hijack the authentication of administrators for requests that modify 1 settings or 2 policies, or 3 restart the device via a...
CVE-2013-1414
CVE-2013-1414 applies to Fortinet FortiOS on FortiGate devices. The issue is multiple CSRF vulnerabilities in the web UI that allow an attacker to hijack an administrator’s authenticated session and perform actions such as modifying settings, changing firewall policies, or reboot/shutdown command...
Fortigate Firewalls - CSRF Vulnerability
Exploit for hardware platform in category web applications Vulnerability ID: CVE-2013-1414 Vulnerability Type: CSRF Cross-Site Request Forgery Product: All Fortigate Firewalls Vendor: Fortinet http://www.fortinet.com Vulnerable Version:...
Fortigate Firewalls - Cross-Site Request Forgery
Vulnerability ID: CVE-2013-1414 Vulnerability Type: CSRF Cross-Site Request Forgery Product: All Fortigate Firewalls Vendor: Fortinet http://www.fortinet.com Vulnerable Version: i...
Fortigate Firewall Cross Site Request Forgery
Vulnerability ID: CVE-2013-1414 Vulnerability Type: CSRF Cross-Site Request Forgery Product: All Fortigate Firewalls Vendor: Fortinet http://www.fortinet.com Vulnerable Version: input type="submit" name="add" value="reb...
CVE-2013-4604
Fortinet FortiOS before 5.0.3 on FortiGate devices does not properly restrict Guest capabilities, which allows remote authenticated users to read, modify, or delete the records of arbitrary users by leveraging the Guest role...
Design/Logic Flaw
Fortinet FortiOS before 5.0.3 on FortiGate devices does not properly restrict Guest capabilities, which allows remote authenticated users to read, modify, or delete the records of arbitrary users by leveraging the Guest role...
CVE-2013-4604
Fortinet FortiOS prior to 5.0.3 on FortiGate devices is affected by CVE-2013-4604 due to improper restriction of the Guest user capabilities. This allows remote authenticated users with the Guest role to read, modify, or delete records of arbitrary users. The issue stems from insufficient access ...
CVE-2013-4604
Fortinet FortiOS before 5.0.3 on FortiGate devices does not properly restrict Guest capabilities, which allows remote authenticated users to read, modify, or delete the records of arbitrary users by leveraging the Guest role...
Improper Guest User Permission Management Issue in FortiGate
...
Potential Man-In-The Middle Vulnerability in FortiClient VPN
...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in admin/FEAdmin.html in Fortinet FortiMail before 4.3.4 on FortiMail Identity-Based Encryption IBE appliances allow user-assisted remote attackers to inject arbitrary web script or HTML via 1 the Add field for the Black List under Antispam...
CVE-2013-1471
Multiple cross-site scripting XSS vulnerabilities in admin/FEAdmin.html in Fortinet FortiMail before 4.3.4 on FortiMail Identity-Based Encryption IBE appliances allow user-assisted remote attackers to inject arbitrary web script or HTML via 1 the Add field for the Black List under Antispam...