Fortinet Fortianalyzer vulnerabilities

3 known vulnerabilities affecting fortinet/fortinet_fortianalyzer.

Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 2

Vulnerabilities

CVE-2020-12814 | MEDIUM | CVSS 5.4 | 2021-11-02
Affected: FortiAnalyzer 6.4.4, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0
CWE-79: An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiAnalyzer version 6.0.6 and below, version 6.4.4 allows an attacker to execute unauthorized code or commands via specifically crafted requests to the web GUI.
Sources: cvelistv5, nvd

CVE-2021-24021 | MEDIUM | CVSS 5.4 | 2021-10-06
Affected: FortiAnalyzer 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0
CWE-79: An improper neutralization of input vulnerability [CWE-79] in FortiAnalyzer versions 6.4.3 and below, 6.2.7 and below and 6.0.10 and below may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the column settings of Logview in FortiAnalyzer, should the attacker be able to obtain that POST request, via oth
Sources: cvelistv5, nvd

CVE-2020-12817 | HIGH | CVSS 8.8 | 2020-09-24
Affected: FortiAnalyzer before 6.4.1; before 6.2.5
CWE-79: An improper neutralization of input vulnerability in FortiAnalyzer before 6.4.1 and 6.2.5 may allow a remote authenticated attacker to inject script related HTML tags via Name parameter of Storage Connectors.
Sources: cvelistv5, nvd