Total
29 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-32602 | 1 Fortinet | 1 Fortiportal | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
An improper neutralization of input during web page generation vulnerability (CWE-79) in FortiPortal GUI 6.0.4 and below, 5.3.6 and below, 5.2.6 and below, 5.1.2 and below, 5.0.3 and below, 4.2.2 and below, 4.1.2 and below, 4.0.4 and below may allow a remote and unauthenticated attacker to perform an XSS attack via sending a crafted request with an invalid lang parameter or with an invalid org.springframework.web.servlet.i18n.CookieLocaleResolver.LOCALE value. | |||||
CVE-2021-32596 | 1 Fortinet | 1 Fortiportal | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A use of one-way hash with a predictable salt vulnerability in the password storing mechanism of FortiPortal 6.0.0 through 6.04 may allow an attacker already in possession of the password store to decrypt the passwords by means of precomputed tables. | |||||
CVE-2017-7340 | 1 Fortinet | 1 Fortiportal | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the applicationSearch parameter in the FortiView functionality. | |||||
CVE-2017-7342 | 1 Fortinet | 1 Fortiportal | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via a hidden Close button | |||||
CVE-2017-7343 | 1 Fortinet | 1 Fortiportal | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below allows attacker to execute unauthorized code or commands via the url parameter. | |||||
CVE-2017-7338 | 1 Fortinet | 1 Fortiportal | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A password management vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the FortiAnalyzer Management View. | |||||
CVE-2017-7339 | 1 Fortinet | 1 Fortiportal | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the 'Name' and 'Description' inputs in the 'Add Revision Backup' functionality. | |||||
CVE-2017-7731 | 1 Fortinet | 1 Fortiportal | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information disclosure via the Forgotten Password feature. | |||||
CVE-2017-7337 | 1 Fortinet | 1 Fortiportal | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized VDOMs or enumerate other ADOMs via another user's stolen session and CSRF tokens or the adomName parameter in the /fpc/sec/customer/policy/getAdomVersion request. |