Search
Find a vulnerability
Search criteria
24 vulnerabilities found for fortianalyzer_firmware by fortinet
CVE-2017-17541 (GCVE-0-2017-17541)
Vulnerability from nvd – Published: 2018-07-16 20:00 – Updated: 2024-10-25 14:08
VLAI
Summary
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Execute unauthorized code or commands
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://fortiguard.com/advisory/FG-IR-17-305 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1041246 | vdb-entryx_refsource_SECTRACK |
| http://www.securitytracker.com/id/1041247 | vdb-entryx_refsource_SECTRACK |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | Fortinet FortiManager, FortiAnalyzer |
Affected:
FortiManager 6.0.0, 5.6.4 and below versions; FortiAnalyzer 6.0.0, 5.6.4 and below versions
|
Date Public
2018-07-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:51:32.239Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/advisory/FG-IR-17-305"
},
{
"name": "1041246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041246"
},
{
"name": "1041247",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041247"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-17541",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:00:14.644167Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T14:08:48.618Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fortinet FortiManager, FortiAnalyzer",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "FortiManager 6.0.0, 5.6.4 and below versions; FortiAnalyzer 6.0.0, 5.6.4 and below versions"
}
]
}
],
"datePublic": "2018-07-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-17T09:57:01.000Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/advisory/FG-IR-17-305"
},
{
"name": "1041246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041246"
},
{
"name": "1041247",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041247"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2017-17541",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiManager, FortiAnalyzer",
"version": {
"version_data": [
{
"version_value": "FortiManager 6.0.0, 5.6.4 and below versions; FortiAnalyzer 6.0.0, 5.6.4 and below versions"
}
]
}
}
]
},
"vendor_name": "Fortinet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Execute unauthorized code or commands"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/advisory/FG-IR-17-305",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/advisory/FG-IR-17-305"
},
{
"name": "1041246",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041246"
},
{
"name": "1041247",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041247"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2017-17541",
"datePublished": "2018-07-16T20:00:00.000Z",
"dateReserved": "2017-12-11T00:00:00.000Z",
"dateUpdated": "2024-10-25T14:08:48.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-3126 (GCVE-0-2017-3126)
Vulnerability from nvd – Published: 2017-05-26 22:00 – Updated: 2024-10-25 14:14
VLAI
Summary
An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Open redirect
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1038540 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/98557 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1038539 | vdb-entryx_refsource_SECTRACK |
| https://fortiguard.com/psirt/FG-IR-17-014 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet, Inc. | Fortinet FortiAnalyzer, FortiManager |
Affected:
FortiAnalyzer 5.4.2, 5.4.1, 5.4.0
Affected: FortiManager 5.4.2, 5.4.1, 5.4.0 |
Date Public
2017-04-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:16:28.200Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038540",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038540"
},
{
"name": "98557",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98557"
},
{
"name": "1038539",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038539"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-17-014"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-3126",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:00:52.755671Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T14:14:04.358Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fortinet FortiAnalyzer, FortiManager",
"vendor": "Fortinet, Inc.",
"versions": [
{
"status": "affected",
"version": "FortiAnalyzer 5.4.2, 5.4.1, 5.4.0"
},
{
"status": "affected",
"version": "FortiManager 5.4.2, 5.4.1, 5.4.0"
}
]
}
],
"datePublic": "2017-04-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Open redirect",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T09:57:01.000Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "1038540",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038540"
},
{
"name": "98557",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98557"
},
{
"name": "1038539",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038539"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/psirt/FG-IR-17-014"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2017-3126",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiAnalyzer, FortiManager",
"version": {
"version_data": [
{
"version_value": "FortiAnalyzer 5.4.2, 5.4.1, 5.4.0"
},
{
"version_value": "FortiManager 5.4.2, 5.4.1, 5.4.0"
}
]
}
}
]
},
"vendor_name": "Fortinet, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Open redirect"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038540",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038540"
},
{
"name": "98557",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98557"
},
{
"name": "1038539",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038539"
},
{
"name": "https://fortiguard.com/psirt/FG-IR-17-014",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/psirt/FG-IR-17-014"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2017-3126",
"datePublished": "2017-05-26T22:00:00.000Z",
"dateReserved": "2016-12-02T00:00:00.000Z",
"dateUpdated": "2024-10-25T14:14:04.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7363 (GCVE-0-2015-7363)
Vulnerability from nvd – Published: 2016-10-07 14:00 – Updated: 2024-08-06 07:43
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1036981 | vdb-entryx_refsource_SECTRACK |
| http://www.securitytracker.com/id/1036982 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/93413 | vdb-entryx_refsource_BID |
| http://fortiguard.com/advisory/fortianalyzer-and-… | x_refsource_CONFIRM |
Date Public
2016-10-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:43:46.315Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036981",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036981"
},
{
"name": "1036982",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036982"
},
{
"name": "93413",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93413"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://fortiguard.com/advisory/fortianalyzer-and-fortimanager-stored-xss-vulnerability-in-report-filters"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-29T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1036981",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036981"
},
{
"name": "1036982",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036982"
},
{
"name": "93413",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93413"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://fortiguard.com/advisory/fortianalyzer-and-fortimanager-stored-xss-vulnerability-in-report-filters"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7363",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036981",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036981"
},
{
"name": "1036982",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036982"
},
{
"name": "93413",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93413"
},
{
"name": "http://fortiguard.com/advisory/fortianalyzer-and-fortimanager-stored-xss-vulnerability-in-report-filters",
"refsource": "CONFIRM",
"url": "http://fortiguard.com/advisory/fortianalyzer-and-fortimanager-stored-xss-vulnerability-in-report-filters"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7363",
"datePublished": "2016-10-07T14:00:00.000Z",
"dateReserved": "2015-09-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:43:46.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-3195 (GCVE-0-2016-3195)
Vulnerability from nvd – Published: 2016-08-19 21:00 – Updated: 2024-08-05 23:47
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1036550 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/92453 | vdb-entryx_refsource_BID |
| http://fortiguard.com/advisory/fortimanager-and-f… | x_refsource_CONFIRM |
Date Public
2016-08-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:47:59.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036550",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036550"
},
{
"name": "92453",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92453"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-client-side-xss-vulnerability"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-15T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1036550",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036550"
},
{
"name": "92453",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92453"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-client-side-xss-vulnerability"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3195",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036550",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036550"
},
{
"name": "92453",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92453"
},
{
"name": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-client-side-xss-vulnerability",
"refsource": "CONFIRM",
"url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-client-side-xss-vulnerability"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-3195",
"datePublished": "2016-08-19T21:00:00.000Z",
"dateReserved": "2016-03-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:47:59.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-3194 (GCVE-0-2016-3194)
Vulnerability from nvd – Published: 2016-08-19 21:00 – Updated: 2024-08-05 23:47
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the address added page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1036550 | vdb-entryx_refsource_SECTRACK |
| http://fortiguard.com/advisory/fortimanager-and-f… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/92456 | vdb-entryx_refsource_BID |
Date Public
2016-08-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:47:59.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036550",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036550"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-xss-vulnerability"
},
{
"name": "92456",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92456"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the address added page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-15T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1036550",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036550"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-xss-vulnerability"
},
{
"name": "92456",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92456"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3194",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the address added page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036550",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036550"
},
{
"name": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-xss-vulnerability",
"refsource": "CONFIRM",
"url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-xss-vulnerability"
},
{
"name": "92456",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92456"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-3194",
"datePublished": "2016-08-19T21:00:00.000Z",
"dateReserved": "2016-03-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:47:59.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-3193 (GCVE-0-2016-3193)
Vulnerability from nvd – Published: 2016-08-19 21:00 – Updated: 2024-08-05 23:47
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the appliance web-application in Fortinet FortiManager 5.x before 5.0.12, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 and FortiAnalyzer 5.x before 5.0.13, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1036550 | vdb-entryx_refsource_SECTRACK |
| http://fortiguard.com/advisory/fortimanager-and-f… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/92458 | vdb-entryx_refsource_BID |
Date Public
2016-08-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:47:59.032Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036550",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036550"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability-1"
},
{
"name": "92458",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92458"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the appliance web-application in Fortinet FortiManager 5.x before 5.0.12, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 and FortiAnalyzer 5.x before 5.0.13, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-15T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1036550",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036550"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability-1"
},
{
"name": "92458",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92458"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3193",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the appliance web-application in Fortinet FortiManager 5.x before 5.0.12, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 and FortiAnalyzer 5.x before 5.0.13, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036550",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036550"
},
{
"name": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability-1",
"refsource": "CONFIRM",
"url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability-1"
},
{
"name": "92458",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92458"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-3193",
"datePublished": "2016-08-19T21:00:00.000Z",
"dateReserved": "2016-03-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:47:59.032Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-3196 (GCVE-0-2016-3196)
Vulnerability from nvd – Published: 2016-08-05 14:00 – Updated: 2024-08-05 23:47
VLAI
Summary
Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an image uploaded in the report section.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/92203 | vdb-entryx_refsource_BID |
| http://seclists.org/fulldisclosure/2016/Aug/4 | mailing-listx_refsource_FULLDISC |
| http://www.securitytracker.com/id/1036550 | vdb-entryx_refsource_SECTRACK |
| http://www.vulnerability-lab.com/get_content.php?… | x_refsource_MISC |
| http://fortiguard.com/advisory/fortimanager-and-f… | x_refsource_CONFIRM |
| http://www.securityfocus.com/archive/1/539069/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securitytracker.com/id/1036551 | vdb-entryx_refsource_SECTRACK |
Date Public
2016-07-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:47:58.322Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "92203",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92203"
},
{
"name": "20160801 Fortinet FortiManager \u0026 FortiAnalyzer - (filename) Persistent Web Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Aug/4"
},
{
"name": "1036550",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036550"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vulnerability-lab.com/get_content.php?id=1687"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability"
},
{
"name": "20160801 Fortinet FortiManager \u0026 FortiAnalyzer - (filename) Persistent Web Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/539069/100/0/threaded"
},
{
"name": "1036551",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036551"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an image uploaded in the report section."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "92203",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92203"
},
{
"name": "20160801 Fortinet FortiManager \u0026 FortiAnalyzer - (filename) Persistent Web Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/Aug/4"
},
{
"name": "1036550",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036550"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vulnerability-lab.com/get_content.php?id=1687"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability"
},
{
"name": "20160801 Fortinet FortiManager \u0026 FortiAnalyzer - (filename) Persistent Web Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/539069/100/0/threaded"
},
{
"name": "1036551",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036551"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3196",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an image uploaded in the report section."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92203",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92203"
},
{
"name": "20160801 Fortinet FortiManager \u0026 FortiAnalyzer - (filename) Persistent Web Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Aug/4"
},
{
"name": "1036550",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036550"
},
{
"name": "http://www.vulnerability-lab.com/get_content.php?id=1687",
"refsource": "MISC",
"url": "http://www.vulnerability-lab.com/get_content.php?id=1687"
},
{
"name": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability",
"refsource": "CONFIRM",
"url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability"
},
{
"name": "20160801 Fortinet FortiManager \u0026 FortiAnalyzer - (filename) Persistent Web Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/539069/100/0/threaded"
},
{
"name": "1036551",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036551"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-3196",
"datePublished": "2016-08-05T14:00:00.000Z",
"dateReserved": "2016-03-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:47:58.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3620 (GCVE-0-2015-3620)
Vulnerability from nvd – Published: 2015-05-12 19:00 – Updated: 2024-08-06 05:47
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the advanced dataset reports page in Fortinet FortiAnalyzer 5.0.0 through 5.0.10 and 5.2.0 through 5.2.1 and FortiManager 5.0.3 through 5.0.10 and 5.2.0 through 5.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.fortiguard.com/advisory/FG-IR-15-005/ | x_refsource_CONFIRM |
| http://seclists.org/fulldisclosure/2015/May/13 | mailing-listx_refsource_FULLDISC |
| http://packetstormsecurity.com/files/131766/Forti… | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/535452/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/74646 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1032262 | vdb-entryx_refsource_SECTRACK |
Date Public
2015-02-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:47:57.762Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.fortiguard.com/advisory/FG-IR-15-005/"
},
{
"name": "20150505 Fortinet FortiAnalyzer \u0026 FortiManager - Client Side Cross Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/May/13"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/131766/Fortinet-FortiAnalyzer-FortiManager-Cross-Site-Scripting.html"
},
{
"name": "20150505 Fortinet FortiAnalyzer \u0026 FortiManager - Client Side Cross Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/535452/100/0/threaded"
},
{
"name": "74646",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74646"
},
{
"name": "1032262",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032262"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-02-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the advanced dataset reports page in Fortinet FortiAnalyzer 5.0.0 through 5.0.10 and 5.2.0 through 5.2.1 and FortiManager 5.0.3 through 5.0.10 and 5.2.0 through 5.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.fortiguard.com/advisory/FG-IR-15-005/"
},
{
"name": "20150505 Fortinet FortiAnalyzer \u0026 FortiManager - Client Side Cross Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/May/13"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/131766/Fortinet-FortiAnalyzer-FortiManager-Cross-Site-Scripting.html"
},
{
"name": "20150505 Fortinet FortiAnalyzer \u0026 FortiManager - Client Side Cross Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/535452/100/0/threaded"
},
{
"name": "74646",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74646"
},
{
"name": "1032262",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032262"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3620",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the advanced dataset reports page in Fortinet FortiAnalyzer 5.0.0 through 5.0.10 and 5.2.0 through 5.2.1 and FortiManager 5.0.3 through 5.0.10 and 5.2.0 through 5.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.fortiguard.com/advisory/FG-IR-15-005/",
"refsource": "CONFIRM",
"url": "http://www.fortiguard.com/advisory/FG-IR-15-005/"
},
{
"name": "20150505 Fortinet FortiAnalyzer \u0026 FortiManager - Client Side Cross Site Scripting Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/May/13"
},
{
"name": "http://packetstormsecurity.com/files/131766/Fortinet-FortiAnalyzer-FortiManager-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/131766/Fortinet-FortiAnalyzer-FortiManager-Cross-Site-Scripting.html"
},
{
"name": "20150505 Fortinet FortiAnalyzer \u0026 FortiManager - Client Side Cross Site Scripting Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/535452/100/0/threaded"
},
{
"name": "74646",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74646"
},
{
"name": "1032262",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032262"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-3620",
"datePublished": "2015-05-12T19:00:00.000Z",
"dateReserved": "2015-04-30T00:00:00.000Z",
"dateUpdated": "2024-08-06T05:47:57.762Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2336 (GCVE-0-2014-2336)
Vulnerability from nvd – Published: 2014-10-31 14:00 – Updated: 2024-08-06 10:14
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2334 and CVE-2014-2335.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.fortiguard.com/advisory/FG-IR-14-033/ | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/70889 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/61309 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2014-10-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:25.153Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.fortiguard.com/advisory/FG-IR-14-033/"
},
{
"name": "70889",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70889"
},
{
"name": "61309",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61309"
},
{
"name": "fortimanageranalyzer-cve20142336-xss(98479)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98479"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2334 and CVE-2014-2335."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.fortiguard.com/advisory/FG-IR-14-033/"
},
{
"name": "70889",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70889"
},
{
"name": "61309",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61309"
},
{
"name": "fortimanageranalyzer-cve20142336-xss(98479)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98479"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2336",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2334 and CVE-2014-2335."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.fortiguard.com/advisory/FG-IR-14-033/",
"refsource": "CONFIRM",
"url": "http://www.fortiguard.com/advisory/FG-IR-14-033/"
},
{
"name": "70889",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70889"
},
{
"name": "61309",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61309"
},
{
"name": "fortimanageranalyzer-cve20142336-xss(98479)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98479"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2336",
"datePublished": "2014-10-31T14:00:00.000Z",
"dateReserved": "2014-03-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T10:14:25.153Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2335 (GCVE-0-2014-2335)
Vulnerability from nvd – Published: 2014-10-31 14:00 – Updated: 2024-08-06 10:14
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.fortiguard.com/advisory/FG-IR-14-033/ | x_refsource_CONFIRM |
| http://secunia.com/advisories/61309 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2014-10-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:25.031Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.fortiguard.com/advisory/FG-IR-14-033/"
},
{
"name": "61309",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61309"
},
{
"name": "fortimanageranalyzer-cve20142335-xss(98478)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98478"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.fortiguard.com/advisory/FG-IR-14-033/"
},
{
"name": "61309",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61309"
},
{
"name": "fortimanageranalyzer-cve20142335-xss(98478)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98478"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.fortiguard.com/advisory/FG-IR-14-033/",
"refsource": "CONFIRM",
"url": "http://www.fortiguard.com/advisory/FG-IR-14-033/"
},
{
"name": "61309",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61309"
},
{
"name": "fortimanageranalyzer-cve20142335-xss(98478)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98478"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2335",
"datePublished": "2014-10-31T14:00:00.000Z",
"dateReserved": "2014-03-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T10:14:25.031Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2334 (GCVE-0-2014-2334)
Vulnerability from nvd – Published: 2014-10-31 14:00 – Updated: 2024-08-06 10:14
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.fortiguard.com/advisory/FG-IR-14-033/ | x_refsource_CONFIRM |
| http://secunia.com/advisories/61309 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/70887 | vdb-entryx_refsource_BID |
Date Public
2014-10-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:25.155Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.fortiguard.com/advisory/FG-IR-14-033/"
},
{
"name": "61309",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61309"
},
{
"name": "fortimanageranalyzer-cve20142334-xss(98477)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98477"
},
{
"name": "70887",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70887"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.fortiguard.com/advisory/FG-IR-14-033/"
},
{
"name": "61309",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61309"
},
{
"name": "fortimanageranalyzer-cve20142334-xss(98477)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98477"
},
{
"name": "70887",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70887"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2334",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.fortiguard.com/advisory/FG-IR-14-033/",
"refsource": "CONFIRM",
"url": "http://www.fortiguard.com/advisory/FG-IR-14-033/"
},
{
"name": "61309",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61309"
},
{
"name": "fortimanageranalyzer-cve20142334-xss(98477)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98477"
},
{
"name": "70887",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70887"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2334",
"datePublished": "2014-10-31T14:00:00.000Z",
"dateReserved": "2014-03-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T10:14:25.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6826 (GCVE-0-2013-6826)
Vulnerability from nvd – Published: 2013-11-19 19:00 – Updated: 2024-09-16 23:56
VLAI
Summary
cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://packetstormsecurity.com/files/123980/forti… | x_refsource_MISC |
| http://www.securityfocus.com/bid/63663 | vdb-entryx_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:46:23.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/123980/fortianalyzer-xsrf.txt"
},
{
"name": "63663",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/63663"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-11-19T19:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/123980/fortianalyzer-xsrf.txt"
},
{
"name": "63663",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/63663"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6826",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/123980/fortianalyzer-xsrf.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/123980/fortianalyzer-xsrf.txt"
},
{
"name": "63663",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/63663"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-6826",
"datePublished": "2013-11-19T19:00:00.000Z",
"dateReserved": "2013-11-19T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:56:53.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-17541 (GCVE-0-2017-17541)
Vulnerability from cvelistv5 – Published: 2018-07-16 20:00 – Updated: 2024-10-25 14:08
VLAI
Summary
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Execute unauthorized code or commands
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://fortiguard.com/advisory/FG-IR-17-305 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1041246 | vdb-entryx_refsource_SECTRACK |
| http://www.securitytracker.com/id/1041247 | vdb-entryx_refsource_SECTRACK |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | Fortinet FortiManager, FortiAnalyzer |
Affected:
FortiManager 6.0.0, 5.6.4 and below versions; FortiAnalyzer 6.0.0, 5.6.4 and below versions
|
Date Public
2018-07-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:51:32.239Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/advisory/FG-IR-17-305"
},
{
"name": "1041246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041246"
},
{
"name": "1041247",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041247"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-17541",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:00:14.644167Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T14:08:48.618Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fortinet FortiManager, FortiAnalyzer",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "FortiManager 6.0.0, 5.6.4 and below versions; FortiAnalyzer 6.0.0, 5.6.4 and below versions"
}
]
}
],
"datePublic": "2018-07-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-17T09:57:01.000Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/advisory/FG-IR-17-305"
},
{
"name": "1041246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041246"
},
{
"name": "1041247",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041247"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2017-17541",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiManager, FortiAnalyzer",
"version": {
"version_data": [
{
"version_value": "FortiManager 6.0.0, 5.6.4 and below versions; FortiAnalyzer 6.0.0, 5.6.4 and below versions"
}
]
}
}
]
},
"vendor_name": "Fortinet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Execute unauthorized code or commands"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/advisory/FG-IR-17-305",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/advisory/FG-IR-17-305"
},
{
"name": "1041246",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041246"
},
{
"name": "1041247",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041247"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2017-17541",
"datePublished": "2018-07-16T20:00:00.000Z",
"dateReserved": "2017-12-11T00:00:00.000Z",
"dateUpdated": "2024-10-25T14:08:48.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-3126 (GCVE-0-2017-3126)
Vulnerability from cvelistv5 – Published: 2017-05-26 22:00 – Updated: 2024-10-25 14:14
VLAI
Summary
An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Open redirect
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1038540 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/98557 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1038539 | vdb-entryx_refsource_SECTRACK |
| https://fortiguard.com/psirt/FG-IR-17-014 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet, Inc. | Fortinet FortiAnalyzer, FortiManager |
Affected:
FortiAnalyzer 5.4.2, 5.4.1, 5.4.0
Affected: FortiManager 5.4.2, 5.4.1, 5.4.0 |
Date Public
2017-04-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:16:28.200Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038540",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038540"
},
{
"name": "98557",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98557"
},
{
"name": "1038539",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038539"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-17-014"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-3126",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:00:52.755671Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T14:14:04.358Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fortinet FortiAnalyzer, FortiManager",
"vendor": "Fortinet, Inc.",
"versions": [
{
"status": "affected",
"version": "FortiAnalyzer 5.4.2, 5.4.1, 5.4.0"
},
{
"status": "affected",
"version": "FortiManager 5.4.2, 5.4.1, 5.4.0"
}
]
}
],
"datePublic": "2017-04-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Open redirect",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T09:57:01.000Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "1038540",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038540"
},
{
"name": "98557",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98557"
},
{
"name": "1038539",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038539"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/psirt/FG-IR-17-014"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2017-3126",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiAnalyzer, FortiManager",
"version": {
"version_data": [
{
"version_value": "FortiAnalyzer 5.4.2, 5.4.1, 5.4.0"
},
{
"version_value": "FortiManager 5.4.2, 5.4.1, 5.4.0"
}
]
}
}
]
},
"vendor_name": "Fortinet, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Open redirect"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038540",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038540"
},
{
"name": "98557",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98557"
},
{
"name": "1038539",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038539"
},
{
"name": "https://fortiguard.com/psirt/FG-IR-17-014",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/psirt/FG-IR-17-014"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2017-3126",
"datePublished": "2017-05-26T22:00:00.000Z",
"dateReserved": "2016-12-02T00:00:00.000Z",
"dateUpdated": "2024-10-25T14:14:04.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7363 (GCVE-0-2015-7363)
Vulnerability from cvelistv5 – Published: 2016-10-07 14:00 – Updated: 2024-08-06 07:43
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1036981 | vdb-entryx_refsource_SECTRACK |
| http://www.securitytracker.com/id/1036982 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/93413 | vdb-entryx_refsource_BID |
| http://fortiguard.com/advisory/fortianalyzer-and-… | x_refsource_CONFIRM |
Date Public
2016-10-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:43:46.315Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036981",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036981"
},
{
"name": "1036982",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036982"
},
{
"name": "93413",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93413"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://fortiguard.com/advisory/fortianalyzer-and-fortimanager-stored-xss-vulnerability-in-report-filters"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-29T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1036981",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036981"
},
{
"name": "1036982",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036982"
},
{
"name": "93413",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93413"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://fortiguard.com/advisory/fortianalyzer-and-fortimanager-stored-xss-vulnerability-in-report-filters"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7363",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036981",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036981"
},
{
"name": "1036982",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036982"
},
{
"name": "93413",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93413"
},
{
"name": "http://fortiguard.com/advisory/fortianalyzer-and-fortimanager-stored-xss-vulnerability-in-report-filters",
"refsource": "CONFIRM",
"url": "http://fortiguard.com/advisory/fortianalyzer-and-fortimanager-stored-xss-vulnerability-in-report-filters"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7363",
"datePublished": "2016-10-07T14:00:00.000Z",
"dateReserved": "2015-09-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:43:46.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-3194 (GCVE-0-2016-3194)
Vulnerability from cvelistv5 – Published: 2016-08-19 21:00 – Updated: 2024-08-05 23:47
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the address added page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1036550 | vdb-entryx_refsource_SECTRACK |
| http://fortiguard.com/advisory/fortimanager-and-f… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/92456 | vdb-entryx_refsource_BID |
Date Public
2016-08-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:47:59.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036550",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036550"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-xss-vulnerability"
},
{
"name": "92456",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92456"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the address added page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-15T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1036550",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036550"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-xss-vulnerability"
},
{
"name": "92456",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92456"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3194",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the address added page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036550",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036550"
},
{
"name": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-xss-vulnerability",
"refsource": "CONFIRM",
"url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-xss-vulnerability"
},
{
"name": "92456",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92456"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-3194",
"datePublished": "2016-08-19T21:00:00.000Z",
"dateReserved": "2016-03-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:47:59.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-3193 (GCVE-0-2016-3193)
Vulnerability from cvelistv5 – Published: 2016-08-19 21:00 – Updated: 2024-08-05 23:47
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the appliance web-application in Fortinet FortiManager 5.x before 5.0.12, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 and FortiAnalyzer 5.x before 5.0.13, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1036550 | vdb-entryx_refsource_SECTRACK |
| http://fortiguard.com/advisory/fortimanager-and-f… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/92458 | vdb-entryx_refsource_BID |
Date Public
2016-08-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:47:59.032Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036550",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036550"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability-1"
},
{
"name": "92458",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92458"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the appliance web-application in Fortinet FortiManager 5.x before 5.0.12, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 and FortiAnalyzer 5.x before 5.0.13, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-15T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1036550",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036550"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability-1"
},
{
"name": "92458",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92458"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3193",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the appliance web-application in Fortinet FortiManager 5.x before 5.0.12, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 and FortiAnalyzer 5.x before 5.0.13, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036550",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036550"
},
{
"name": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability-1",
"refsource": "CONFIRM",
"url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability-1"
},
{
"name": "92458",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92458"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-3193",
"datePublished": "2016-08-19T21:00:00.000Z",
"dateReserved": "2016-03-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:47:59.032Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-3195 (GCVE-0-2016-3195)
Vulnerability from cvelistv5 – Published: 2016-08-19 21:00 – Updated: 2024-08-05 23:47
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1036550 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/92453 | vdb-entryx_refsource_BID |
| http://fortiguard.com/advisory/fortimanager-and-f… | x_refsource_CONFIRM |
Date Public
2016-08-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:47:59.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036550",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036550"
},
{
"name": "92453",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92453"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-client-side-xss-vulnerability"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-15T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1036550",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036550"
},
{
"name": "92453",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92453"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-client-side-xss-vulnerability"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3195",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036550",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036550"
},
{
"name": "92453",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92453"
},
{
"name": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-client-side-xss-vulnerability",
"refsource": "CONFIRM",
"url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-client-side-xss-vulnerability"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-3195",
"datePublished": "2016-08-19T21:00:00.000Z",
"dateReserved": "2016-03-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:47:59.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-3196 (GCVE-0-2016-3196)
Vulnerability from cvelistv5 – Published: 2016-08-05 14:00 – Updated: 2024-08-05 23:47
VLAI
Summary
Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an image uploaded in the report section.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/92203 | vdb-entryx_refsource_BID |
| http://seclists.org/fulldisclosure/2016/Aug/4 | mailing-listx_refsource_FULLDISC |
| http://www.securitytracker.com/id/1036550 | vdb-entryx_refsource_SECTRACK |
| http://www.vulnerability-lab.com/get_content.php?… | x_refsource_MISC |
| http://fortiguard.com/advisory/fortimanager-and-f… | x_refsource_CONFIRM |
| http://www.securityfocus.com/archive/1/539069/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securitytracker.com/id/1036551 | vdb-entryx_refsource_SECTRACK |
Date Public
2016-07-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:47:58.322Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "92203",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92203"
},
{
"name": "20160801 Fortinet FortiManager \u0026 FortiAnalyzer - (filename) Persistent Web Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Aug/4"
},
{
"name": "1036550",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036550"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vulnerability-lab.com/get_content.php?id=1687"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability"
},
{
"name": "20160801 Fortinet FortiManager \u0026 FortiAnalyzer - (filename) Persistent Web Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/539069/100/0/threaded"
},
{
"name": "1036551",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036551"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an image uploaded in the report section."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "92203",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92203"
},
{
"name": "20160801 Fortinet FortiManager \u0026 FortiAnalyzer - (filename) Persistent Web Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/Aug/4"
},
{
"name": "1036550",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036550"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vulnerability-lab.com/get_content.php?id=1687"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability"
},
{
"name": "20160801 Fortinet FortiManager \u0026 FortiAnalyzer - (filename) Persistent Web Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/539069/100/0/threaded"
},
{
"name": "1036551",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036551"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3196",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an image uploaded in the report section."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92203",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92203"
},
{
"name": "20160801 Fortinet FortiManager \u0026 FortiAnalyzer - (filename) Persistent Web Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Aug/4"
},
{
"name": "1036550",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036550"
},
{
"name": "http://www.vulnerability-lab.com/get_content.php?id=1687",
"refsource": "MISC",
"url": "http://www.vulnerability-lab.com/get_content.php?id=1687"
},
{
"name": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability",
"refsource": "CONFIRM",
"url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability"
},
{
"name": "20160801 Fortinet FortiManager \u0026 FortiAnalyzer - (filename) Persistent Web Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/539069/100/0/threaded"
},
{
"name": "1036551",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036551"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-3196",
"datePublished": "2016-08-05T14:00:00.000Z",
"dateReserved": "2016-03-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:47:58.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3620 (GCVE-0-2015-3620)
Vulnerability from cvelistv5 – Published: 2015-05-12 19:00 – Updated: 2024-08-06 05:47
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the advanced dataset reports page in Fortinet FortiAnalyzer 5.0.0 through 5.0.10 and 5.2.0 through 5.2.1 and FortiManager 5.0.3 through 5.0.10 and 5.2.0 through 5.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.fortiguard.com/advisory/FG-IR-15-005/ | x_refsource_CONFIRM |
| http://seclists.org/fulldisclosure/2015/May/13 | mailing-listx_refsource_FULLDISC |
| http://packetstormsecurity.com/files/131766/Forti… | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/535452/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/74646 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1032262 | vdb-entryx_refsource_SECTRACK |
Date Public
2015-02-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:47:57.762Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.fortiguard.com/advisory/FG-IR-15-005/"
},
{
"name": "20150505 Fortinet FortiAnalyzer \u0026 FortiManager - Client Side Cross Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/May/13"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/131766/Fortinet-FortiAnalyzer-FortiManager-Cross-Site-Scripting.html"
},
{
"name": "20150505 Fortinet FortiAnalyzer \u0026 FortiManager - Client Side Cross Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/535452/100/0/threaded"
},
{
"name": "74646",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74646"
},
{
"name": "1032262",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032262"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-02-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the advanced dataset reports page in Fortinet FortiAnalyzer 5.0.0 through 5.0.10 and 5.2.0 through 5.2.1 and FortiManager 5.0.3 through 5.0.10 and 5.2.0 through 5.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.fortiguard.com/advisory/FG-IR-15-005/"
},
{
"name": "20150505 Fortinet FortiAnalyzer \u0026 FortiManager - Client Side Cross Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/May/13"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/131766/Fortinet-FortiAnalyzer-FortiManager-Cross-Site-Scripting.html"
},
{
"name": "20150505 Fortinet FortiAnalyzer \u0026 FortiManager - Client Side Cross Site Scripting Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/535452/100/0/threaded"
},
{
"name": "74646",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74646"
},
{
"name": "1032262",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032262"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3620",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the advanced dataset reports page in Fortinet FortiAnalyzer 5.0.0 through 5.0.10 and 5.2.0 through 5.2.1 and FortiManager 5.0.3 through 5.0.10 and 5.2.0 through 5.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.fortiguard.com/advisory/FG-IR-15-005/",
"refsource": "CONFIRM",
"url": "http://www.fortiguard.com/advisory/FG-IR-15-005/"
},
{
"name": "20150505 Fortinet FortiAnalyzer \u0026 FortiManager - Client Side Cross Site Scripting Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/May/13"
},
{
"name": "http://packetstormsecurity.com/files/131766/Fortinet-FortiAnalyzer-FortiManager-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/131766/Fortinet-FortiAnalyzer-FortiManager-Cross-Site-Scripting.html"
},
{
"name": "20150505 Fortinet FortiAnalyzer \u0026 FortiManager - Client Side Cross Site Scripting Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/535452/100/0/threaded"
},
{
"name": "74646",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74646"
},
{
"name": "1032262",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032262"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-3620",
"datePublished": "2015-05-12T19:00:00.000Z",
"dateReserved": "2015-04-30T00:00:00.000Z",
"dateUpdated": "2024-08-06T05:47:57.762Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2334 (GCVE-0-2014-2334)
Vulnerability from cvelistv5 – Published: 2014-10-31 14:00 – Updated: 2024-08-06 10:14
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.fortiguard.com/advisory/FG-IR-14-033/ | x_refsource_CONFIRM |
| http://secunia.com/advisories/61309 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/70887 | vdb-entryx_refsource_BID |
Date Public
2014-10-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:25.155Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.fortiguard.com/advisory/FG-IR-14-033/"
},
{
"name": "61309",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61309"
},
{
"name": "fortimanageranalyzer-cve20142334-xss(98477)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98477"
},
{
"name": "70887",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70887"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.fortiguard.com/advisory/FG-IR-14-033/"
},
{
"name": "61309",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61309"
},
{
"name": "fortimanageranalyzer-cve20142334-xss(98477)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98477"
},
{
"name": "70887",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70887"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2334",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.fortiguard.com/advisory/FG-IR-14-033/",
"refsource": "CONFIRM",
"url": "http://www.fortiguard.com/advisory/FG-IR-14-033/"
},
{
"name": "61309",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61309"
},
{
"name": "fortimanageranalyzer-cve20142334-xss(98477)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98477"
},
{
"name": "70887",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70887"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2334",
"datePublished": "2014-10-31T14:00:00.000Z",
"dateReserved": "2014-03-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T10:14:25.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2335 (GCVE-0-2014-2335)
Vulnerability from cvelistv5 – Published: 2014-10-31 14:00 – Updated: 2024-08-06 10:14
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.fortiguard.com/advisory/FG-IR-14-033/ | x_refsource_CONFIRM |
| http://secunia.com/advisories/61309 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2014-10-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:25.031Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.fortiguard.com/advisory/FG-IR-14-033/"
},
{
"name": "61309",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61309"
},
{
"name": "fortimanageranalyzer-cve20142335-xss(98478)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98478"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.fortiguard.com/advisory/FG-IR-14-033/"
},
{
"name": "61309",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61309"
},
{
"name": "fortimanageranalyzer-cve20142335-xss(98478)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98478"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.fortiguard.com/advisory/FG-IR-14-033/",
"refsource": "CONFIRM",
"url": "http://www.fortiguard.com/advisory/FG-IR-14-033/"
},
{
"name": "61309",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61309"
},
{
"name": "fortimanageranalyzer-cve20142335-xss(98478)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98478"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2335",
"datePublished": "2014-10-31T14:00:00.000Z",
"dateReserved": "2014-03-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T10:14:25.031Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2336 (GCVE-0-2014-2336)
Vulnerability from cvelistv5 – Published: 2014-10-31 14:00 – Updated: 2024-08-06 10:14
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2334 and CVE-2014-2335.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.fortiguard.com/advisory/FG-IR-14-033/ | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/70889 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/61309 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2014-10-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:25.153Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.fortiguard.com/advisory/FG-IR-14-033/"
},
{
"name": "70889",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70889"
},
{
"name": "61309",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61309"
},
{
"name": "fortimanageranalyzer-cve20142336-xss(98479)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98479"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2334 and CVE-2014-2335."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.fortiguard.com/advisory/FG-IR-14-033/"
},
{
"name": "70889",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70889"
},
{
"name": "61309",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61309"
},
{
"name": "fortimanageranalyzer-cve20142336-xss(98479)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98479"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2336",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2334 and CVE-2014-2335."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.fortiguard.com/advisory/FG-IR-14-033/",
"refsource": "CONFIRM",
"url": "http://www.fortiguard.com/advisory/FG-IR-14-033/"
},
{
"name": "70889",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70889"
},
{
"name": "61309",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61309"
},
{
"name": "fortimanageranalyzer-cve20142336-xss(98479)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98479"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2336",
"datePublished": "2014-10-31T14:00:00.000Z",
"dateReserved": "2014-03-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T10:14:25.153Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6826 (GCVE-0-2013-6826)
Vulnerability from cvelistv5 – Published: 2013-11-19 19:00 – Updated: 2024-09-16 23:56
VLAI
Summary
cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://packetstormsecurity.com/files/123980/forti… | x_refsource_MISC |
| http://www.securityfocus.com/bid/63663 | vdb-entryx_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:46:23.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/123980/fortianalyzer-xsrf.txt"
},
{
"name": "63663",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/63663"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-11-19T19:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/123980/fortianalyzer-xsrf.txt"
},
{
"name": "63663",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/63663"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6826",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/123980/fortianalyzer-xsrf.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/123980/fortianalyzer-xsrf.txt"
},
{
"name": "63663",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/63663"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-6826",
"datePublished": "2013-11-19T19:00:00.000Z",
"dateReserved": "2013-11-19T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:56:53.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}