Fortinet Fortianalyzer Firmware vulnerabilities
12 known vulnerabilities affecting fortinet/fortianalyzer_firmware.
Total CVEs
12
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
MEDIUM12
Vulnerabilities
Page 1 of 1
CVE-2017-17541MEDIUMCVSS 6.1≤ 5.6.4v6.0.02018-07-16
CVE-2017-17541 [MEDIUM] CWE-79 CVE-2017-17541: A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions,
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature.
nvd
CVE-2017-3126MEDIUMCVSS 6.1v5.4.0v5.4.1+1 more2017-05-27
CVE-2017-3126 [MEDIUM] CWE-601 CVE-2017-3126: An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0
An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter.
nvd
CVE-2015-7363MEDIUMCVSS 5.4v5.0.0v5.0.1+14 more2016-10-07
CVE-2015-7363 [MEDIUM] CWE-79 CVE-2015-7363: Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x
Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters.
nvd
CVE-2016-3193MEDIUMCVSS 5.4v5.0.0v5.0.2+17 more2016-08-19
CVE-2016-3193 [MEDIUM] CWE-79 CVE-2016-3193: Cross-site scripting (XSS) vulnerability in the appliance web-application in Fortinet FortiManager 5
Cross-site scripting (XSS) vulnerability in the appliance web-application in Fortinet FortiManager 5.x before 5.0.12, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 and FortiAnalyzer 5.x before 5.0.13, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2016-3194MEDIUMCVSS 6.1v5.0.0v5.0.2+16 more2016-08-19
CVE-2016-3194 [MEDIUM] CWE-79 CVE-2016-3194: Cross-site scripting (XSS) vulnerability in the address added page in Fortinet FortiManager 5.x befo
Cross-site scripting (XSS) vulnerability in the address added page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2016-3195MEDIUMCVSS 6.1v5.0.0v5.0.2+16 more2016-08-19
CVE-2016-3195 [MEDIUM] CWE-79 CVE-2016-3195: Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet FortiManager 5.x before 5.0.12 an
Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2016-3196MEDIUMCVSS 5.4v5.0.0v5.0.1+9 more2016-08-05
CVE-2016-3196 [MEDIUM] CWE-79 CVE-2016-3196: Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.0.12 and 5.2.x befor
Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an image uploaded in the report section.
nvd
CVE-2015-3620MEDIUMCVSS 4.3v5.0.0v5.0.1+3 more2015-05-12
CVE-2015-3620 [MEDIUM] CWE-79 CVE-2015-3620: Cross-site scripting (XSS) vulnerability in the advanced dataset reports page in Fortinet FortiAnaly
Cross-site scripting (XSS) vulnerability in the advanced dataset reports page in Fortinet FortiAnalyzer 5.0.0 through 5.0.10 and 5.2.0 through 5.2.1 and FortiManager 5.0.3 through 5.0.10 and 5.2.0 through 5.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2014-2335MEDIUMCVSS 4.3≤ 5.0.62014-10-31
CVE-2014-2335 [MEDIUM] CWE-79 CVE-2014-2335: Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManag
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336.
nvd
CVE-2014-2336MEDIUMCVSS 4.3≤ 5.0.62014-10-31
CVE-2014-2336 [MEDIUM] CVE-2014-2336: Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManag
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2334 and CVE-2014-2335.
nvd
CVE-2014-2334MEDIUMCVSS 4.3≤ 5.0.62014-10-31
CVE-2014-2334 [MEDIUM] CWE-79 CVE-2014-2334: Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiAnaly
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336.
nvd
CVE-2013-6826MEDIUMCVSS 6.8PoC≤ 5.0.42013-11-20
CVE-2013-6826 [MEDIUM] CWE-352 CVE-2013-6826: cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not
cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks.
nvd