Vulnerabilites related to fortinet - fortimanager_firmware
CVE-2015-3616 (GCVE-0-2015-3616)
Vulnerability from cvelistv5
Published
2017-08-11 21:00
Modified
2024-08-06 05:47
Severity ?
CWE
  • n/a
Summary
SQL injection vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to execute arbitrary commands via unspecified parameters.
References
http://www.securityfocus.com/bid/74444 vdb-entry, x_refsource_BID
https://fortiguard.com/psirt/FG-IR-15-011 x_refsource_CONFIRM
http://www.securitytracker.com/id/1032188 vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:47:57.724Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "74444",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/74444"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-15-011"
          },
          {
            "name": "1032188",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032188"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-04-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to execute arbitrary commands via unspecified parameters."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-25T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "74444",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/74444"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/psirt/FG-IR-15-011"
        },
        {
          "name": "1032188",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032188"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-3616",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to execute arbitrary commands via unspecified parameters."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "74444",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/74444"
            },
            {
              "name": "https://fortiguard.com/psirt/FG-IR-15-011",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/psirt/FG-IR-15-011"
            },
            {
              "name": "1032188",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032188"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-3616",
    "datePublished": "2017-08-11T21:00:00",
    "dateReserved": "2015-04-30T00:00:00",
    "dateUpdated": "2024-08-06T05:47:57.724Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-3196 (GCVE-0-2016-3196)
Vulnerability from cvelistv5
Published
2016-08-05 14:00
Modified
2024-08-05 23:47
Severity ?
CWE
  • n/a
Summary
Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an image uploaded in the report section.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:47:58.322Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "92203",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/92203"
          },
          {
            "name": "20160801 Fortinet FortiManager \u0026 FortiAnalyzer - (filename) Persistent Web Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2016/Aug/4"
          },
          {
            "name": "1036550",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036550"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.vulnerability-lab.com/get_content.php?id=1687"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability"
          },
          {
            "name": "20160801 Fortinet FortiManager \u0026 FortiAnalyzer - (filename) Persistent Web Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/539069/100/0/threaded"
          },
          {
            "name": "1036551",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036551"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-07-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an image uploaded in the report section."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "92203",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/92203"
        },
        {
          "name": "20160801 Fortinet FortiManager \u0026 FortiAnalyzer - (filename) Persistent Web Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2016/Aug/4"
        },
        {
          "name": "1036550",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036550"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.vulnerability-lab.com/get_content.php?id=1687"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability"
        },
        {
          "name": "20160801 Fortinet FortiManager \u0026 FortiAnalyzer - (filename) Persistent Web Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/539069/100/0/threaded"
        },
        {
          "name": "1036551",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036551"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-3196",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an image uploaded in the report section."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "92203",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/92203"
            },
            {
              "name": "20160801 Fortinet FortiManager \u0026 FortiAnalyzer - (filename) Persistent Web Vulnerability",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2016/Aug/4"
            },
            {
              "name": "1036550",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036550"
            },
            {
              "name": "http://www.vulnerability-lab.com/get_content.php?id=1687",
              "refsource": "MISC",
              "url": "http://www.vulnerability-lab.com/get_content.php?id=1687"
            },
            {
              "name": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability",
              "refsource": "CONFIRM",
              "url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability"
            },
            {
              "name": "20160801 Fortinet FortiManager \u0026 FortiAnalyzer - (filename) Persistent Web Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/539069/100/0/threaded"
            },
            {
              "name": "1036551",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036551"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-3196",
    "datePublished": "2016-08-05T14:00:00",
    "dateReserved": "2016-03-15T00:00:00",
    "dateUpdated": "2024-08-05T23:47:58.322Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-3195 (GCVE-0-2016-3195)
Vulnerability from cvelistv5
Published
2016-08-19 21:00
Modified
2024-08-05 23:47
Severity ?
CWE
  • n/a
Summary
Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:47:59.053Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1036550",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036550"
          },
          {
            "name": "92453",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/92453"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-client-side-xss-vulnerability"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-08-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-15T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1036550",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036550"
        },
        {
          "name": "92453",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/92453"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-client-side-xss-vulnerability"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-3195",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1036550",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036550"
            },
            {
              "name": "92453",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/92453"
            },
            {
              "name": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-client-side-xss-vulnerability",
              "refsource": "CONFIRM",
              "url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-client-side-xss-vulnerability"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-3195",
    "datePublished": "2016-08-19T21:00:00",
    "dateReserved": "2016-03-15T00:00:00",
    "dateUpdated": "2024-08-05T23:47:59.053Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-8038 (GCVE-0-2015-8038)
Vulnerability from cvelistv5
Published
2015-11-02 19:00
Modified
2024-09-17 02:17
Severity ?
CWE
  • n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) sharedjobmanager or (2) SOMServiceObjDialog.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:06:31.575Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.fortiguard.com/advisory/multiple-xss-vulnerabilities-in-fortimanager-gui"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) sharedjobmanager or (2) SOMServiceObjDialog."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-11-02T19:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.fortiguard.com/advisory/multiple-xss-vulnerabilities-in-fortimanager-gui"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-8038",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) sharedjobmanager or (2) SOMServiceObjDialog."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.fortiguard.com/advisory/multiple-xss-vulnerabilities-in-fortimanager-gui",
              "refsource": "CONFIRM",
              "url": "http://www.fortiguard.com/advisory/multiple-xss-vulnerabilities-in-fortimanager-gui"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-8038",
    "datePublished": "2015-11-02T19:00:00Z",
    "dateReserved": "2015-11-02T00:00:00Z",
    "dateUpdated": "2024-09-17T02:17:04.800Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-17541 (GCVE-0-2017-17541)
Vulnerability from cvelistv5
Published
2018-07-16 20:00
Modified
2024-10-25 14:08
Severity ?
CWE
  • Execute unauthorized code or commands
Summary
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature.
References
https://fortiguard.com/advisory/FG-IR-17-305 x_refsource_CONFIRM
http://www.securitytracker.com/id/1041246 vdb-entry, x_refsource_SECTRACK
http://www.securitytracker.com/id/1041247 vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
Fortinet Fortinet FortiManager, FortiAnalyzer Version: FortiManager 6.0.0, 5.6.4 and below versions; FortiAnalyzer 6.0.0, 5.6.4 and below versions
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:51:32.239Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/advisory/FG-IR-17-305"
          },
          {
            "name": "1041246",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041246"
          },
          {
            "name": "1041247",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041247"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-17541",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-23T14:00:14.644167Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T14:08:48.618Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fortinet FortiManager, FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "FortiManager 6.0.0, 5.6.4 and below versions; FortiAnalyzer 6.0.0, 5.6.4 and below versions"
            }
          ]
        }
      ],
      "datePublic": "2018-07-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-17T09:57:01",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/advisory/FG-IR-17-305"
        },
        {
          "name": "1041246",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041246"
        },
        {
          "name": "1041247",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041247"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2017-17541",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fortinet FortiManager, FortiAnalyzer",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "FortiManager 6.0.0, 5.6.4 and below versions; FortiAnalyzer 6.0.0, 5.6.4 and below versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fortinet"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Execute unauthorized code or commands"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/advisory/FG-IR-17-305",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/advisory/FG-IR-17-305"
            },
            {
              "name": "1041246",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041246"
            },
            {
              "name": "1041247",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041247"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2017-17541",
    "datePublished": "2018-07-16T20:00:00",
    "dateReserved": "2017-12-11T00:00:00",
    "dateUpdated": "2024-10-25T14:08:48.618Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-7363 (GCVE-0-2015-7363)
Vulnerability from cvelistv5
Published
2016-10-07 14:00
Modified
2024-08-06 07:43
Severity ?
CWE
  • n/a
Summary
Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:43:46.315Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1036981",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036981"
          },
          {
            "name": "1036982",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036982"
          },
          {
            "name": "93413",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93413"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://fortiguard.com/advisory/fortianalyzer-and-fortimanager-stored-xss-vulnerability-in-report-filters"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-10-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-29T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1036981",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036981"
        },
        {
          "name": "1036982",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036982"
        },
        {
          "name": "93413",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93413"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://fortiguard.com/advisory/fortianalyzer-and-fortimanager-stored-xss-vulnerability-in-report-filters"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-7363",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1036981",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036981"
            },
            {
              "name": "1036982",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036982"
            },
            {
              "name": "93413",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93413"
            },
            {
              "name": "http://fortiguard.com/advisory/fortianalyzer-and-fortimanager-stored-xss-vulnerability-in-report-filters",
              "refsource": "CONFIRM",
              "url": "http://fortiguard.com/advisory/fortianalyzer-and-fortimanager-stored-xss-vulnerability-in-report-filters"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-7363",
    "datePublished": "2016-10-07T14:00:00",
    "dateReserved": "2015-09-25T00:00:00",
    "dateUpdated": "2024-08-06T07:43:46.315Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-8495 (GCVE-0-2016-8495)
Vulnerability from cvelistv5
Published
2017-02-13 15:00
Modified
2024-10-25 14:40
Severity ?
CWE
  • Credentials exposure
Summary
An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows remote attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack via the Fortisandbox devices probing feature.
References
http://www.securitytracker.com/id/1037805 vdb-entry, x_refsource_SECTRACK
https://fortiguard.com/advisory/FG-IR-16-055 x_refsource_CONFIRM
http://www.securityfocus.com/bid/96157 vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
Fortinet FortiManager Version: 5.0.6 to 5.2.7
Version: 5.4.0 to 5.4.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:27:39.640Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1037805",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037805"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/advisory/FG-IR-16-055"
          },
          {
            "name": "96157",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/96157"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2016-8495",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-24T20:04:11.896573Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T14:40:29.358Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "5.0.6 to 5.2.7"
            },
            {
              "status": "affected",
              "version": "5.4.0 to 5.4.1"
            }
          ]
        }
      ],
      "datePublic": "2017-02-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows remote attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack via the Fortisandbox devices probing feature."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Credentials exposure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-24T12:57:01",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "1037805",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037805"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/advisory/FG-IR-16-055"
        },
        {
          "name": "96157",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/96157"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2016-8495",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "FortiManager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0.6 to 5.2.7"
                          },
                          {
                            "version_value": "5.4.0 to 5.4.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fortinet"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows remote attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack via the Fortisandbox devices probing feature."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Credentials exposure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1037805",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037805"
            },
            {
              "name": "https://fortiguard.com/advisory/FG-IR-16-055",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/advisory/FG-IR-16-055"
            },
            {
              "name": "96157",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/96157"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2016-8495",
    "datePublished": "2017-02-13T15:00:00",
    "dateReserved": "2016-10-07T00:00:00",
    "dateUpdated": "2024-10-25T14:40:29.358Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-8037 (GCVE-0-2015-8037)
Vulnerability from cvelistv5
Published
2015-11-02 19:00
Modified
2024-09-16 23:16
Severity ?
CWE
  • n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SOMVpnSSLPortalDialog or (2) FGDMngUpdHistory.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:06:31.545Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.fortiguard.com/advisory/multiple-xss-vulnerabilities-in-fortimanager-gui"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SOMVpnSSLPortalDialog or (2) FGDMngUpdHistory."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-11-02T19:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.fortiguard.com/advisory/multiple-xss-vulnerabilities-in-fortimanager-gui"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-8037",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SOMVpnSSLPortalDialog or (2) FGDMngUpdHistory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.fortiguard.com/advisory/multiple-xss-vulnerabilities-in-fortimanager-gui",
              "refsource": "CONFIRM",
              "url": "http://www.fortiguard.com/advisory/multiple-xss-vulnerabilities-in-fortimanager-gui"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-8037",
    "datePublished": "2015-11-02T19:00:00Z",
    "dateReserved": "2015-11-02T00:00:00Z",
    "dateUpdated": "2024-09-16T23:16:26.576Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-3193 (GCVE-0-2016-3193)
Vulnerability from cvelistv5
Published
2016-08-19 21:00
Modified
2024-08-05 23:47
Severity ?
CWE
  • n/a
Summary
Cross-site scripting (XSS) vulnerability in the appliance web-application in Fortinet FortiManager 5.x before 5.0.12, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 and FortiAnalyzer 5.x before 5.0.13, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:47:59.032Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1036550",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036550"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability-1"
          },
          {
            "name": "92458",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/92458"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-08-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the appliance web-application in Fortinet FortiManager 5.x before 5.0.12, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 and FortiAnalyzer 5.x before 5.0.13, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-15T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1036550",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036550"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability-1"
        },
        {
          "name": "92458",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/92458"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-3193",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the appliance web-application in Fortinet FortiManager 5.x before 5.0.12, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 and FortiAnalyzer 5.x before 5.0.13, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1036550",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036550"
            },
            {
              "name": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability-1",
              "refsource": "CONFIRM",
              "url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability-1"
            },
            {
              "name": "92458",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/92458"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-3193",
    "datePublished": "2016-08-19T21:00:00",
    "dateReserved": "2016-03-15T00:00:00",
    "dateUpdated": "2024-08-05T23:47:59.032Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-3620 (GCVE-0-2015-3620)
Vulnerability from cvelistv5
Published
2015-05-12 19:00
Modified
2024-08-06 05:47
Severity ?
CWE
  • n/a
Summary
Cross-site scripting (XSS) vulnerability in the advanced dataset reports page in Fortinet FortiAnalyzer 5.0.0 through 5.0.10 and 5.2.0 through 5.2.1 and FortiManager 5.0.3 through 5.0.10 and 5.2.0 through 5.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:47:57.762Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.fortiguard.com/advisory/FG-IR-15-005/"
          },
          {
            "name": "20150505 Fortinet FortiAnalyzer \u0026 FortiManager - Client Side Cross Site Scripting Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2015/May/13"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/131766/Fortinet-FortiAnalyzer-FortiManager-Cross-Site-Scripting.html"
          },
          {
            "name": "20150505 Fortinet FortiAnalyzer \u0026 FortiManager - Client Side Cross Site Scripting Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/535452/100/0/threaded"
          },
          {
            "name": "74646",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/74646"
          },
          {
            "name": "1032262",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032262"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-02-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the advanced dataset reports page in Fortinet FortiAnalyzer 5.0.0 through 5.0.10 and 5.2.0 through 5.2.1 and FortiManager 5.0.3 through 5.0.10 and 5.2.0 through 5.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.fortiguard.com/advisory/FG-IR-15-005/"
        },
        {
          "name": "20150505 Fortinet FortiAnalyzer \u0026 FortiManager - Client Side Cross Site Scripting Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2015/May/13"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/131766/Fortinet-FortiAnalyzer-FortiManager-Cross-Site-Scripting.html"
        },
        {
          "name": "20150505 Fortinet FortiAnalyzer \u0026 FortiManager - Client Side Cross Site Scripting Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/535452/100/0/threaded"
        },
        {
          "name": "74646",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/74646"
        },
        {
          "name": "1032262",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032262"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-3620",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the advanced dataset reports page in Fortinet FortiAnalyzer 5.0.0 through 5.0.10 and 5.2.0 through 5.2.1 and FortiManager 5.0.3 through 5.0.10 and 5.2.0 through 5.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.fortiguard.com/advisory/FG-IR-15-005/",
              "refsource": "CONFIRM",
              "url": "http://www.fortiguard.com/advisory/FG-IR-15-005/"
            },
            {
              "name": "20150505 Fortinet FortiAnalyzer \u0026 FortiManager - Client Side Cross Site Scripting Vulnerability",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2015/May/13"
            },
            {
              "name": "http://packetstormsecurity.com/files/131766/Fortinet-FortiAnalyzer-FortiManager-Cross-Site-Scripting.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/131766/Fortinet-FortiAnalyzer-FortiManager-Cross-Site-Scripting.html"
            },
            {
              "name": "20150505 Fortinet FortiAnalyzer \u0026 FortiManager - Client Side Cross Site Scripting Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/535452/100/0/threaded"
            },
            {
              "name": "74646",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/74646"
            },
            {
              "name": "1032262",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032262"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-3620",
    "datePublished": "2015-05-12T19:00:00",
    "dateReserved": "2015-04-30T00:00:00",
    "dateUpdated": "2024-08-06T05:47:57.762Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-3126 (GCVE-0-2017-3126)
Vulnerability from cvelistv5
Published
2017-05-26 22:00
Modified
2024-10-25 14:14
Severity ?
CWE
  • Open redirect
Summary
An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter.
References
http://www.securitytracker.com/id/1038540 vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/bid/98557 vdb-entry, x_refsource_BID
http://www.securitytracker.com/id/1038539 vdb-entry, x_refsource_SECTRACK
https://fortiguard.com/psirt/FG-IR-17-014 x_refsource_CONFIRM
Impacted products
Vendor Product Version
Fortinet, Inc. Fortinet FortiAnalyzer, FortiManager Version: FortiAnalyzer 5.4.2, 5.4.1, 5.4.0
Version: FortiManager 5.4.2, 5.4.1, 5.4.0
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:16:28.200Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1038540",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038540"
          },
          {
            "name": "98557",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/98557"
          },
          {
            "name": "1038539",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038539"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-17-014"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-3126",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-23T14:00:52.755671Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T14:14:04.358Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fortinet FortiAnalyzer, FortiManager",
          "vendor": "Fortinet, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "FortiAnalyzer 5.4.2, 5.4.1, 5.4.0"
            },
            {
              "status": "affected",
              "version": "FortiManager 5.4.2, 5.4.1, 5.4.0"
            }
          ]
        }
      ],
      "datePublic": "2017-04-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Open redirect",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-07T09:57:01",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "1038540",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038540"
        },
        {
          "name": "98557",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/98557"
        },
        {
          "name": "1038539",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038539"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/psirt/FG-IR-17-014"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2017-3126",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fortinet FortiAnalyzer, FortiManager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "FortiAnalyzer 5.4.2, 5.4.1, 5.4.0"
                          },
                          {
                            "version_value": "FortiManager 5.4.2, 5.4.1, 5.4.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fortinet, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Open redirect"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1038540",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038540"
            },
            {
              "name": "98557",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/98557"
            },
            {
              "name": "1038539",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038539"
            },
            {
              "name": "https://fortiguard.com/psirt/FG-IR-17-014",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/psirt/FG-IR-17-014"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2017-3126",
    "datePublished": "2017-05-26T22:00:00",
    "dateReserved": "2016-12-02T00:00:00",
    "dateUpdated": "2024-10-25T14:14:04.358Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-3194 (GCVE-0-2016-3194)
Vulnerability from cvelistv5
Published
2016-08-19 21:00
Modified
2024-08-05 23:47
Severity ?
CWE
  • n/a
Summary
Cross-site scripting (XSS) vulnerability in the address added page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:47:59.063Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1036550",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036550"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-xss-vulnerability"
          },
          {
            "name": "92456",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/92456"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-08-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the address added page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-15T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1036550",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036550"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-xss-vulnerability"
        },
        {
          "name": "92456",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/92456"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-3194",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the address added page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1036550",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036550"
            },
            {
              "name": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-xss-vulnerability",
              "refsource": "CONFIRM",
              "url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-xss-vulnerability"
            },
            {
              "name": "92456",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/92456"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-3194",
    "datePublished": "2016-08-19T21:00:00",
    "dateReserved": "2016-03-15T00:00:00",
    "dateUpdated": "2024-08-05T23:47:59.063Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-3617 (GCVE-0-2015-3617)
Vulnerability from cvelistv5
Published
2017-08-22 15:00
Modified
2024-08-06 05:47
Severity ?
CWE
  • n/a
Summary
Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow local users to gain privileges via crafted CLI commands.
References
http://www.securityfocus.com/bid/74444 vdb-entry, x_refsource_BID
https://fortiguard.com/psirt/FG-IR-15-011 x_refsource_CONFIRM
http://www.securitytracker.com/id/1032188 vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:47:58.136Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "74444",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/74444"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-15-011"
          },
          {
            "name": "1032188",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032188"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-04-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow local users to gain privileges via crafted CLI commands."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-25T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "74444",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/74444"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/psirt/FG-IR-15-011"
        },
        {
          "name": "1032188",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032188"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-3617",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow local users to gain privileges via crafted CLI commands."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "74444",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/74444"
            },
            {
              "name": "https://fortiguard.com/psirt/FG-IR-15-011",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/psirt/FG-IR-15-011"
            },
            {
              "name": "1032188",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032188"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-3617",
    "datePublished": "2017-08-22T15:00:00",
    "dateReserved": "2015-04-30T00:00:00",
    "dateUpdated": "2024-08-06T05:47:58.136Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-3614 (GCVE-0-2015-3614)
Vulnerability from cvelistv5
Published
2017-08-11 21:00
Modified
2024-08-06 05:47
Severity ?
CWE
  • n/a
Summary
Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to obtain arbitrary files via vectors involving another unspecified vulnerability.
References
http://www.securityfocus.com/bid/74444 vdb-entry, x_refsource_BID
https://fortiguard.com/psirt/FG-IR-15-011 x_refsource_CONFIRM
http://www.securitytracker.com/id/1032188 vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:47:57.728Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "74444",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/74444"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-15-011"
          },
          {
            "name": "1032188",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032188"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-04-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to obtain arbitrary files via vectors involving another unspecified vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-25T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "74444",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/74444"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/psirt/FG-IR-15-011"
        },
        {
          "name": "1032188",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032188"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-3614",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to obtain arbitrary files via vectors involving another unspecified vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "74444",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/74444"
            },
            {
              "name": "https://fortiguard.com/psirt/FG-IR-15-011",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/psirt/FG-IR-15-011"
            },
            {
              "name": "1032188",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032188"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-3614",
    "datePublished": "2017-08-11T21:00:00",
    "dateReserved": "2015-04-30T00:00:00",
    "dateUpdated": "2024-08-06T05:47:57.728Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-3615 (GCVE-0-2015-3615)
Vulnerability from cvelistv5
Published
2017-08-11 21:00
Modified
2024-08-06 05:47
Severity ?
CWE
  • n/a
Summary
Cross-site scripting (XSS) vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving unspecified parameters and a privilege escalation attack.
References
http://www.securityfocus.com/bid/74444 vdb-entry, x_refsource_BID
https://fortiguard.com/psirt/FG-IR-15-011 x_refsource_CONFIRM
http://www.securitytracker.com/id/1032188 vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:47:57.731Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "74444",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/74444"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-15-011"
          },
          {
            "name": "1032188",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032188"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-04-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving unspecified parameters and a privilege escalation attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-25T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "74444",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/74444"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/psirt/FG-IR-15-011"
        },
        {
          "name": "1032188",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032188"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-3615",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving unspecified parameters and a privilege escalation attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "74444",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/74444"
            },
            {
              "name": "https://fortiguard.com/psirt/FG-IR-15-011",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/psirt/FG-IR-15-011"
            },
            {
              "name": "1032188",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032188"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-3615",
    "datePublished": "2017-08-11T21:00:00",
    "dateReserved": "2015-04-30T00:00:00",
    "dateUpdated": "2024-08-06T05:47:57.731Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2017-08-11 21:29
Modified
2025-04-20 01:37
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to obtain arbitrary files via vectors involving another unspecified vulnerability.
References
cve@mitre.orghttp://www.securityfocus.com/bid/74444
cve@mitre.orghttp://www.securitytracker.com/id/1032188Third Party Advisory, VDB Entry
cve@mitre.orghttps://fortiguard.com/psirt/FG-IR-15-011Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/74444
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1032188Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://fortiguard.com/psirt/FG-IR-15-011Vendor Advisory
Impacted products
Vendor Product Version
fortinet fortimanager_firmware 5.0.0
fortinet fortimanager_firmware 5.0.1
fortinet fortimanager_firmware 5.0.2
fortinet fortimanager_firmware 5.0.3
fortinet fortimanager_firmware 5.0.4
fortinet fortimanager_firmware 5.0.5
fortinet fortimanager_firmware 5.0.6
fortinet fortimanager_firmware 5.0.7
fortinet fortimanager_firmware 5.0.8
fortinet fortimanager_firmware 5.0.9
fortinet fortimanager_firmware 5.0.10
fortinet fortimanager_firmware 5.2.0
fortinet fortimanager_firmware 5.2.1
fortinet fortimanager_2000e -
fortinet fortimanager_200d -
fortinet fortimanager_3000f -
fortinet fortimanager_300e -
fortinet fortimanager_3900e -
fortinet fortimanager_400e -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "833C89CE-43F0-4F6E-8A4F-504EA5F16319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C96F78B0-2F6E-4A28-B0B8-CCE3638DCCDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "68D3536B-652C-4642-9FF9-5A7CFDBB7DD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "83ADE078-F9B6-4E46-89AB-F9DE3A2EAF06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5DF6CBD-E8D8-40B7-9512-CD739D6FA918",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "42304E1B-C9BF-4CCE-A5C7-4FAC7E4C87E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "34B83D3F-23C8-4781-887C-1876B103A4B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC2F75CB-BC6D-434A-84C8-6290F4B6E8B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB152570-F07F-4706-9717-D31F5F31CDE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2A3410C-E673-49C1-AA2C-2BD77C68DCA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AFEA22C-D661-4859-86CE-329D23E3EF87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "72523D47-A6FA-48E8-B2D0-3563027CE35C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FE6366D-0535-4681-90F7-3AB9386184A2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fortinet:fortimanager_2000e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F721DFB2-5ABA-48B9-943E-30A143EAC28E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortimanager_200d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EF33648-375E-4BE8-AEB9-6348370A0362",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortimanager_3000f:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF0F28C8-34F7-4B42-BC89-D79D912C314B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortimanager_300e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "37A488B2-735F-4BC5-BC06-28330E4226C4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortimanager_3900e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D9FC4D8-A8F5-4BF2-BFE7-0DCF813A0A98",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortimanager_400e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BD6CB6E-760E-4742-847A-EF4261288FB7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to obtain arbitrary files via vectors involving another unspecified vulnerability."
    },
    {
      "lang": "es",
      "value": "Fortinet FortiManager en sus versiones 5.0.x anteriores a la 5.0.11, y en versiones 5.2.x anteriores a la 5.2.2 permite que atacantes remotos obtengan archivos arbitrarios mediante vectores que implican otra vulnerabilidad sin especificar."
    }
  ],
  "id": "CVE-2015-3614",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-11T21:29:00.323",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/74444"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032188"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/psirt/FG-IR-15-011"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/74444"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032188"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/psirt/FG-IR-15-011"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-08-19 21:59
Modified
2025-04-12 10:46
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Cross-site scripting (XSS) vulnerability in the appliance web-application in Fortinet FortiManager 5.x before 5.0.12, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 and FortiAnalyzer 5.x before 5.0.13, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
cve@mitre.orghttp://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability-1Vendor Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/92458
cve@mitre.orghttp://www.securitytracker.com/id/1036550
af854a3a-2127-422b-91ae-364da2661108http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability-1Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/92458
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1036550
Impacted products
Vendor Product Version
fortinet fortimanager_firmware 5.0.0
fortinet fortimanager_firmware 5.0.1
fortinet fortimanager_firmware 5.0.2
fortinet fortimanager_firmware 5.0.3
fortinet fortimanager_firmware 5.0.4
fortinet fortimanager_firmware 5.0.5
fortinet fortimanager_firmware 5.0.6
fortinet fortimanager_firmware 5.0.7
fortinet fortimanager_firmware 5.0.8
fortinet fortimanager_firmware 5.0.9
fortinet fortimanager_firmware 5.0.10
fortinet fortimanager_firmware 5.0.11
fortinet fortimanager_firmware 5.2.0
fortinet fortimanager_firmware 5.2.1
fortinet fortimanager_firmware 5.2.2
fortinet fortimanager_firmware 5.2.3
fortinet fortimanager_firmware 5.2.4
fortinet fortimanager_firmware 5.2.5
fortinet fortimanager_firmware 5.4.0
fortinet fortianalyzer_firmware 5.0.0
fortinet fortianalyzer_firmware 5.0.2
fortinet fortianalyzer_firmware 5.0.3
fortinet fortianalyzer_firmware 5.0.4
fortinet fortianalyzer_firmware 5.0.5
fortinet fortianalyzer_firmware 5.0.6
fortinet fortianalyzer_firmware 5.0.7
fortinet fortianalyzer_firmware 5.0.8
fortinet fortianalyzer_firmware 5.0.9
fortinet fortianalyzer_firmware 5.0.10
fortinet fortianalyzer_firmware 5.0.11
fortinet fortianalyzer_firmware 5.0.12
fortinet fortianalyzer_firmware 5.2.0
fortinet fortianalyzer_firmware 5.2.1
fortinet fortianalyzer_firmware 5.2.2
fortinet fortianalyzer_firmware 5.2.3
fortinet fortianalyzer_firmware 5.2.4
fortinet fortianalyzer_firmware 5.2.5
fortinet fortianalyzer_firmware 5.4.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "833C89CE-43F0-4F6E-8A4F-504EA5F16319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C96F78B0-2F6E-4A28-B0B8-CCE3638DCCDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "68D3536B-652C-4642-9FF9-5A7CFDBB7DD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "83ADE078-F9B6-4E46-89AB-F9DE3A2EAF06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5DF6CBD-E8D8-40B7-9512-CD739D6FA918",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "42304E1B-C9BF-4CCE-A5C7-4FAC7E4C87E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "34B83D3F-23C8-4781-887C-1876B103A4B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC2F75CB-BC6D-434A-84C8-6290F4B6E8B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB152570-F07F-4706-9717-D31F5F31CDE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2A3410C-E673-49C1-AA2C-2BD77C68DCA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AFEA22C-D661-4859-86CE-329D23E3EF87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D9B23B1-A527-49B6-A6CB-CFFCF278B70E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "72523D47-A6FA-48E8-B2D0-3563027CE35C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FE6366D-0535-4681-90F7-3AB9386184A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F5BBE82-1D71-40EE-B506-1DD1066F537C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1A2A3F2-A908-4192-8032-F8FA3310B50A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B621447-97C3-42B4-92FF-3D5BEDE26A2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D281C46-3C6A-4ABA-B25C-1FA623F78566",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C235585-4228-43B3-B2BB-06563B67F9E7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B83E355-BA1A-47B3-AE43-04668C87FD8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "378DE593-6514-4111-95DF-C881E163E6D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEAD4CF6-6654-4BCC-8EC4-5B11AF81C123",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C3F75D9-5719-4392-8FDE-DA1CFEE5BEFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "06360B2F-EE21-4E99-9931-E4C62B1D2C25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FEC6473-536E-4ADB-9BD1-8A75846A039E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "799DA4F4-F5DD-4D56-ACC0-C28891C27A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AD6F2AF-F98F-4113-94D8-1F3D26702D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "647BBA50-058A-4D8D-884A-83A818B90622",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4BA0949-E1B2-41F4-801C-1FF5FDD5FD8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "042001D0-4E10-488F-AB01-AFEB23D78C01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "728F1AAE-6156-443B-A5DA-990538432389",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B27A485B-71F5-485C-9F3C-691A4F1CA5A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E098F02-C9DA-4EC9-B13C-8DFD6735615F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF465F07-3786-4533-9B61-C8344DCB166F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D43C2347-D6F3-40A6-8E00-DD31F11A84BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A48CA4D3-FBD6-4048-8FFB-C0A874402E1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9636D8-7C3B-4504-9D1C-01AC471EAFAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC123643-C9EE-40BF-B6F5-CE942F0A474E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the appliance web-application in Fortinet FortiManager 5.x before 5.0.12, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 and FortiAnalyzer 5.x before 5.0.13, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en la aplicaci\u00f3n web del dispositivo en Fortinet FortiManager 5.x en versiones anteriores a 5.0.12, 5.2.x en versiones anteriores a 5.2.6 y 5.4.x en versiones anteriores a 5.4.1 y FortiAnalyzer 5.x en versiones anteriores a 5.0.13, 5.2.x en versiones anteriores a 5.2.6 y 5.4.x en versiones anteriores a 5.4.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2016-3193",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-08-19T21:59:05.463",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/92458"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1036550"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/92458"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1036550"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-08-11 21:29
Modified
2025-04-20 01:37
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Cross-site scripting (XSS) vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving unspecified parameters and a privilege escalation attack.
References
cve@mitre.orghttp://www.securityfocus.com/bid/74444
cve@mitre.orghttp://www.securitytracker.com/id/1032188Third Party Advisory, VDB Entry
cve@mitre.orghttps://fortiguard.com/psirt/FG-IR-15-011Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/74444
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1032188Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://fortiguard.com/psirt/FG-IR-15-011Vendor Advisory
Impacted products
Vendor Product Version
fortinet fortimanager_firmware 5.0.3
fortinet fortimanager_firmware 5.0.4
fortinet fortimanager_firmware 5.0.5
fortinet fortimanager_firmware 5.0.6
fortinet fortimanager_firmware 5.0.7
fortinet fortimanager_firmware 5.0.8
fortinet fortimanager_firmware 5.0.9
fortinet fortimanager_firmware 5.0.10
fortinet fortimanager_firmware 5.2.0
fortinet fortimanager_firmware 5.2.1
fortinet fortimanager_2000e -
fortinet fortimanager_200d -
fortinet fortimanager_3000f -
fortinet fortimanager_300e -
fortinet fortimanager_3900e -
fortinet fortimanager_400e -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "83ADE078-F9B6-4E46-89AB-F9DE3A2EAF06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5DF6CBD-E8D8-40B7-9512-CD739D6FA918",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "42304E1B-C9BF-4CCE-A5C7-4FAC7E4C87E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "34B83D3F-23C8-4781-887C-1876B103A4B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC2F75CB-BC6D-434A-84C8-6290F4B6E8B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB152570-F07F-4706-9717-D31F5F31CDE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2A3410C-E673-49C1-AA2C-2BD77C68DCA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AFEA22C-D661-4859-86CE-329D23E3EF87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "72523D47-A6FA-48E8-B2D0-3563027CE35C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FE6366D-0535-4681-90F7-3AB9386184A2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fortinet:fortimanager_2000e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F721DFB2-5ABA-48B9-943E-30A143EAC28E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortimanager_200d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EF33648-375E-4BE8-AEB9-6348370A0362",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortimanager_3000f:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF0F28C8-34F7-4B42-BC89-D79D912C314B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortimanager_300e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "37A488B2-735F-4BC5-BC06-28330E4226C4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortimanager_3900e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D9FC4D8-A8F5-4BF2-BFE7-0DCF813A0A98",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortimanager_400e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BD6CB6E-760E-4742-847A-EF4261288FB7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving unspecified parameters and a privilege escalation attack."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Fortinet FortiManager en sus versiones 5.0.x anteriores a la 5.0.11, y versiones 5.2.x anteriores a la 5.2.2 permite que usuarios remotos autenticados inyecten scripts web o HTML arbitrarios mediante vectores que implican par\u00e1metros sin especificar y un ataque de escalado de privilegios."
    }
  ],
  "id": "CVE-2015-3615",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-11T21:29:00.370",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/74444"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032188"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/psirt/FG-IR-15-011"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/74444"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032188"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/psirt/FG-IR-15-011"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-08-19 21:59
Modified
2025-04-12 10:46
Severity ?
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Cross-site scripting (XSS) vulnerability in the address added page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
cve@mitre.orghttp://fortiguard.com/advisory/fortimanager-and-fortianalyzer-xss-vulnerabilityVendor Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/92456
cve@mitre.orghttp://www.securitytracker.com/id/1036550
af854a3a-2127-422b-91ae-364da2661108http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-xss-vulnerabilityVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/92456
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1036550
Impacted products
Vendor Product Version
fortinet fortimanager_firmware 5.0.0
fortinet fortimanager_firmware 5.0.1
fortinet fortimanager_firmware 5.0.2
fortinet fortimanager_firmware 5.0.3
fortinet fortimanager_firmware 5.0.4
fortinet fortimanager_firmware 5.0.5
fortinet fortimanager_firmware 5.0.6
fortinet fortimanager_firmware 5.0.7
fortinet fortimanager_firmware 5.0.8
fortinet fortimanager_firmware 5.0.9
fortinet fortimanager_firmware 5.0.10
fortinet fortimanager_firmware 5.0.11
fortinet fortimanager_firmware 5.2.0
fortinet fortimanager_firmware 5.2.1
fortinet fortimanager_firmware 5.2.2
fortinet fortimanager_firmware 5.2.3
fortinet fortimanager_firmware 5.2.4
fortinet fortimanager_firmware 5.2.5
fortinet fortianalyzer_firmware 5.0.0
fortinet fortianalyzer_firmware 5.0.2
fortinet fortianalyzer_firmware 5.0.3
fortinet fortianalyzer_firmware 5.0.4
fortinet fortianalyzer_firmware 5.0.5
fortinet fortianalyzer_firmware 5.0.6
fortinet fortianalyzer_firmware 5.0.7
fortinet fortianalyzer_firmware 5.0.8
fortinet fortianalyzer_firmware 5.0.9
fortinet fortianalyzer_firmware 5.0.10
fortinet fortianalyzer_firmware 5.0.11
fortinet fortianalyzer_firmware 5.0.12
fortinet fortianalyzer_firmware 5.2.0
fortinet fortianalyzer_firmware 5.2.1
fortinet fortianalyzer_firmware 5.2.2
fortinet fortianalyzer_firmware 5.2.3
fortinet fortianalyzer_firmware 5.2.4
fortinet fortianalyzer_firmware 5.2.5


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "833C89CE-43F0-4F6E-8A4F-504EA5F16319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C96F78B0-2F6E-4A28-B0B8-CCE3638DCCDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "68D3536B-652C-4642-9FF9-5A7CFDBB7DD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "83ADE078-F9B6-4E46-89AB-F9DE3A2EAF06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5DF6CBD-E8D8-40B7-9512-CD739D6FA918",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "42304E1B-C9BF-4CCE-A5C7-4FAC7E4C87E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "34B83D3F-23C8-4781-887C-1876B103A4B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC2F75CB-BC6D-434A-84C8-6290F4B6E8B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB152570-F07F-4706-9717-D31F5F31CDE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2A3410C-E673-49C1-AA2C-2BD77C68DCA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AFEA22C-D661-4859-86CE-329D23E3EF87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D9B23B1-A527-49B6-A6CB-CFFCF278B70E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "72523D47-A6FA-48E8-B2D0-3563027CE35C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FE6366D-0535-4681-90F7-3AB9386184A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F5BBE82-1D71-40EE-B506-1DD1066F537C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1A2A3F2-A908-4192-8032-F8FA3310B50A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B621447-97C3-42B4-92FF-3D5BEDE26A2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D281C46-3C6A-4ABA-B25C-1FA623F78566",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B83E355-BA1A-47B3-AE43-04668C87FD8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "378DE593-6514-4111-95DF-C881E163E6D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEAD4CF6-6654-4BCC-8EC4-5B11AF81C123",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C3F75D9-5719-4392-8FDE-DA1CFEE5BEFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "06360B2F-EE21-4E99-9931-E4C62B1D2C25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FEC6473-536E-4ADB-9BD1-8A75846A039E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "799DA4F4-F5DD-4D56-ACC0-C28891C27A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AD6F2AF-F98F-4113-94D8-1F3D26702D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "647BBA50-058A-4D8D-884A-83A818B90622",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4BA0949-E1B2-41F4-801C-1FF5FDD5FD8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "042001D0-4E10-488F-AB01-AFEB23D78C01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "728F1AAE-6156-443B-A5DA-990538432389",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B27A485B-71F5-485C-9F3C-691A4F1CA5A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E098F02-C9DA-4EC9-B13C-8DFD6735615F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF465F07-3786-4533-9B61-C8344DCB166F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D43C2347-D6F3-40A6-8E00-DD31F11A84BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A48CA4D3-FBD6-4048-8FFB-C0A874402E1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9636D8-7C3B-4504-9D1C-01AC471EAFAF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the address added page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en la p\u00e1gina de direcci\u00f3n de agregado en Fortinet FortiManager 5.x en versiones anteriores a 5.0.12 y 5.2.x en versiones anteriores a 5.2.6 y FortiAnalyzer 5.x en versiones anteriores a 5.0.13 y 5.2.x en versiones anteriores a 5.2.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2016-3194",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-08-19T21:59:06.430",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-xss-vulnerability"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/92456"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1036550"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-xss-vulnerability"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/92456"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1036550"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-07-16 20:29
Modified
2024-11-21 03:18
Severity ?
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature.
References
psirt@fortinet.comhttp://www.securitytracker.com/id/1041246Third Party Advisory, VDB Entry
psirt@fortinet.comhttp://www.securitytracker.com/id/1041247Third Party Advisory, VDB Entry
psirt@fortinet.comhttps://fortiguard.com/advisory/FG-IR-17-305Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1041246Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1041247Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://fortiguard.com/advisory/FG-IR-17-305Vendor Advisory
Impacted products
Vendor Product Version
fortinet fortianalyzer_firmware *
fortinet fortianalyzer_firmware 6.0.0
fortinet fortimanager_firmware *
fortinet fortimanager_firmware 6.0.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "14395CC2-7264-4F1C-BB71-BA70BB97980F",
              "versionEndIncluding": "5.6.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC9E13C1-4CEC-45FD-B7BE-207537565BBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEBC8DBF-8BC5-4DD8-A724-985DE305EA04",
              "versionEndIncluding": "5.6.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "86E0D6CE-4731-4A1E-BFEE-E57EEF25F63B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de Cross-Site Scripting (XSS) en Fortinet FortiManager 6.0.0, 5.6.4 y anteriores y FortiAnalyzer 6.0.0, 5.6.4 y anteriores permite inyectar c\u00f3digo JavaScript y etiquetas HTML mediante el valor CN de los certificados CA y CRL mediante la caracter\u00edstica de importaci\u00f3n de certificados CA y CRL."
    }
  ],
  "id": "CVE-2017-17541",
  "lastModified": "2024-11-21T03:18:08.103",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-16T20:29:00.270",
  "references": [
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041246"
    },
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041247"
    },
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/advisory/FG-IR-17-305"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041246"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041247"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/advisory/FG-IR-17-305"
    }
  ],
  "sourceIdentifier": "psirt@fortinet.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-08-11 21:29
Modified
2025-04-20 01:37
Severity ?
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
SQL injection vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to execute arbitrary commands via unspecified parameters.
References
cve@mitre.orghttp://www.securityfocus.com/bid/74444
cve@mitre.orghttp://www.securitytracker.com/id/1032188Third Party Advisory, VDB Entry
cve@mitre.orghttps://fortiguard.com/psirt/FG-IR-15-011Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/74444
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1032188Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://fortiguard.com/psirt/FG-IR-15-011Vendor Advisory
Impacted products
Vendor Product Version
fortinet fortimanager_firmware 5.0.0
fortinet fortimanager_firmware 5.0.1
fortinet fortimanager_firmware 5.0.2
fortinet fortimanager_firmware 5.0.3
fortinet fortimanager_firmware 5.0.4
fortinet fortimanager_firmware 5.0.5
fortinet fortimanager_firmware 5.0.6
fortinet fortimanager_firmware 5.0.7
fortinet fortimanager_firmware 5.0.8
fortinet fortimanager_firmware 5.0.9
fortinet fortimanager_firmware 5.0.10
fortinet fortimanager_firmware 5.2.0
fortinet fortimanager_firmware 5.2.1
fortinet fortimanager_2000e -
fortinet fortimanager_200d -
fortinet fortimanager_3000f -
fortinet fortimanager_300e -
fortinet fortimanager_3900e -
fortinet fortimanager_400e -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "833C89CE-43F0-4F6E-8A4F-504EA5F16319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C96F78B0-2F6E-4A28-B0B8-CCE3638DCCDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "68D3536B-652C-4642-9FF9-5A7CFDBB7DD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "83ADE078-F9B6-4E46-89AB-F9DE3A2EAF06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5DF6CBD-E8D8-40B7-9512-CD739D6FA918",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "42304E1B-C9BF-4CCE-A5C7-4FAC7E4C87E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "34B83D3F-23C8-4781-887C-1876B103A4B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC2F75CB-BC6D-434A-84C8-6290F4B6E8B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB152570-F07F-4706-9717-D31F5F31CDE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2A3410C-E673-49C1-AA2C-2BD77C68DCA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AFEA22C-D661-4859-86CE-329D23E3EF87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "72523D47-A6FA-48E8-B2D0-3563027CE35C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FE6366D-0535-4681-90F7-3AB9386184A2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fortinet:fortimanager_2000e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F721DFB2-5ABA-48B9-943E-30A143EAC28E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortimanager_200d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EF33648-375E-4BE8-AEB9-6348370A0362",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortimanager_3000f:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF0F28C8-34F7-4B42-BC89-D79D912C314B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortimanager_300e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "37A488B2-735F-4BC5-BC06-28330E4226C4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortimanager_3900e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D9FC4D8-A8F5-4BF2-BFE7-0DCF813A0A98",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortimanager_400e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BD6CB6E-760E-4742-847A-EF4261288FB7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to execute arbitrary commands via unspecified parameters."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de inyecci\u00f3n SQL en Fortinet FortiManager en sus versiones 5.0.x anteriores a la 5.0.11, y versiones 5.2.x anteriores a la 5.2.2 permite que atacantes remotos ejecuten comandos arbitrarios mediante par\u00e1metros sin especificar."
    }
  ],
  "id": "CVE-2015-3616",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-11T21:29:00.447",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/74444"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032188"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/psirt/FG-IR-15-011"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/74444"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032188"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/psirt/FG-IR-15-011"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-08-05 14:59
Modified
2025-04-12 10:46
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an image uploaded in the report section.
References
cve@mitre.orghttp://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerabilityVendor Advisory
cve@mitre.orghttp://seclists.org/fulldisclosure/2016/Aug/4Third Party Advisory, VDB Entry
cve@mitre.orghttp://www.securityfocus.com/archive/1/539069/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/92203Third Party Advisory, VDB Entry
cve@mitre.orghttp://www.securitytracker.com/id/1036550
cve@mitre.orghttp://www.securitytracker.com/id/1036551Third Party Advisory, VDB Entry
cve@mitre.orghttp://www.vulnerability-lab.com/get_content.php?id=1687Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerabilityVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2016/Aug/4Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/539069/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/92203Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1036550
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1036551Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.vulnerability-lab.com/get_content.php?id=1687Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
fortinet fortimanager_firmware 5.0.3
fortinet fortimanager_firmware 5.0.4
fortinet fortimanager_firmware 5.0.5
fortinet fortimanager_firmware 5.0.6
fortinet fortimanager_firmware 5.0.7
fortinet fortimanager_firmware 5.0.8
fortinet fortimanager_firmware 5.0.9
fortinet fortimanager_firmware 5.0.10
fortinet fortimanager_firmware 5.2.0
fortinet fortimanager_firmware 5.2.1
fortinet fortimanager_firmware 5.2.2
fortinet fortimanager_firmware 5.2.3
fortinet fortimanager_firmware 5.2.4
fortinet fortimanager_firmware 5.2.5
fortinet fortianalyzer_firmware 5.0.0
fortinet fortianalyzer_firmware 5.0.1
fortinet fortianalyzer_firmware 5.0.4
fortinet fortianalyzer_firmware 5.0.5
fortinet fortianalyzer_firmware 5.0.10
fortinet fortianalyzer_firmware 5.2.0
fortinet fortianalyzer_firmware 5.2.1
fortinet fortianalyzer_firmware 5.2.2
fortinet fortianalyzer_firmware 5.2.3
fortinet fortianalyzer_firmware 5.2.4
fortinet fortianalyzer_firmware 5.2.5


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "83ADE078-F9B6-4E46-89AB-F9DE3A2EAF06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5DF6CBD-E8D8-40B7-9512-CD739D6FA918",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "42304E1B-C9BF-4CCE-A5C7-4FAC7E4C87E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "34B83D3F-23C8-4781-887C-1876B103A4B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC2F75CB-BC6D-434A-84C8-6290F4B6E8B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB152570-F07F-4706-9717-D31F5F31CDE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2A3410C-E673-49C1-AA2C-2BD77C68DCA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AFEA22C-D661-4859-86CE-329D23E3EF87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "72523D47-A6FA-48E8-B2D0-3563027CE35C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FE6366D-0535-4681-90F7-3AB9386184A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F5BBE82-1D71-40EE-B506-1DD1066F537C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1A2A3F2-A908-4192-8032-F8FA3310B50A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B621447-97C3-42B4-92FF-3D5BEDE26A2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D281C46-3C6A-4ABA-B25C-1FA623F78566",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B83E355-BA1A-47B3-AE43-04668C87FD8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EBA54E4-E824-4F68-94BF-D70F5A51B40F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C3F75D9-5719-4392-8FDE-DA1CFEE5BEFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "06360B2F-EE21-4E99-9931-E4C62B1D2C25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4BA0949-E1B2-41F4-801C-1FF5FDD5FD8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B27A485B-71F5-485C-9F3C-691A4F1CA5A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E098F02-C9DA-4EC9-B13C-8DFD6735615F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF465F07-3786-4533-9B61-C8344DCB166F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D43C2347-D6F3-40A6-8E00-DD31F11A84BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A48CA4D3-FBD6-4048-8FFB-C0A874402E1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9636D8-7C3B-4504-9D1C-01AC471EAFAF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an image uploaded in the report section."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en Fortinet FortiAnalyzer 5.x en versiones anteriores a 5.0.12 y 5.2.x en versiones anteriores a 5.2.6 y FortiManager 5.x en versiones anteriores a 5.0.12 y 5.2.x en versiones anteriores a 5.2.6 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del nombre de archivo de una imagen cargada en la secci\u00f3n del informe."
    }
  ],
  "id": "CVE-2016-3196",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-08-05T14:59:06.547",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://seclists.org/fulldisclosure/2016/Aug/4"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/539069/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/92203"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1036550"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1036551"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.vulnerability-lab.com/get_content.php?id=1687"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://seclists.org/fulldisclosure/2016/Aug/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/539069/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/92203"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1036550"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1036551"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.vulnerability-lab.com/get_content.php?id=1687"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-05-27 00:29
Modified
2025-04-20 01:37
Severity ?
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter.
References
psirt@fortinet.comhttp://www.securityfocus.com/bid/98557Third Party Advisory, VDB Entry
psirt@fortinet.comhttp://www.securitytracker.com/id/1038539
psirt@fortinet.comhttp://www.securitytracker.com/id/1038540
psirt@fortinet.comhttps://fortiguard.com/psirt/FG-IR-17-014Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/98557Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1038539
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1038540
af854a3a-2127-422b-91ae-364da2661108https://fortiguard.com/psirt/FG-IR-17-014Vendor Advisory
Impacted products
Vendor Product Version
fortinet fortianalyzer_firmware 5.4.0
fortinet fortianalyzer_firmware 5.4.1
fortinet fortianalyzer_firmware 5.4.2
fortinet fortimanager_firmware 5.4.0
fortinet fortimanager_firmware 5.4.1
fortinet fortimanager_firmware 5.4.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC123643-C9EE-40BF-B6F5-CE942F0A474E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDBCBC4B-ECCB-467D-8CB1-D017C5DCB3D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9CD11DF-36F4-4761-92AC-5F01F965B02A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C235585-4228-43B3-B2BB-06563B67F9E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B760F3B0-C81A-4B53-8D1E-384834D4A594",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "43BF2F41-32BB-4C64-A9A2-62FB61B7D318",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de Redireccionamiento Abierto en FortiAnalyzer versiones desde 5.4.0 hasta 5.4.2 y FortiManager versiones desde 5.4.0 hasta 5.4.2 de Fortinet, permite a un atacante ejecutar c\u00f3digo o comandos no autorizados por medio del par\u00e1metro next."
    }
  ],
  "id": "CVE-2017-3126",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-05-27T00:29:00.973",
  "references": [
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98557"
    },
    {
      "source": "psirt@fortinet.com",
      "url": "http://www.securitytracker.com/id/1038539"
    },
    {
      "source": "psirt@fortinet.com",
      "url": "http://www.securitytracker.com/id/1038540"
    },
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/psirt/FG-IR-17-014"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98557"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1038539"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1038540"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/psirt/FG-IR-17-014"
    }
  ],
  "sourceIdentifier": "psirt@fortinet.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-601"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-05-12 19:59
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the advanced dataset reports page in Fortinet FortiAnalyzer 5.0.0 through 5.0.10 and 5.2.0 through 5.2.1 and FortiManager 5.0.3 through 5.0.10 and 5.2.0 through 5.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
cve@mitre.orghttp://packetstormsecurity.com/files/131766/Fortinet-FortiAnalyzer-FortiManager-Cross-Site-Scripting.htmlExploit, Third Party Advisory, VDB Entry
cve@mitre.orghttp://seclists.org/fulldisclosure/2015/May/13Exploit, Third Party Advisory, VDB Entry
cve@mitre.orghttp://www.fortiguard.com/advisory/FG-IR-15-005/Vendor Advisory
cve@mitre.orghttp://www.securityfocus.com/archive/1/535452/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/74646Third Party Advisory, VDB Entry
cve@mitre.orghttp://www.securitytracker.com/id/1032262Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/131766/Fortinet-FortiAnalyzer-FortiManager-Cross-Site-Scripting.htmlExploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2015/May/13Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.fortiguard.com/advisory/FG-IR-15-005/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/535452/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/74646Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1032262Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
fortinet fortimanager_firmware 5.0.3
fortinet fortimanager_firmware 5.0.4
fortinet fortimanager_firmware 5.0.5
fortinet fortimanager_firmware 5.0.6
fortinet fortimanager_firmware 5.0.7
fortinet fortimanager_firmware 5.0.8
fortinet fortimanager_firmware 5.0.9
fortinet fortimanager_firmware 5.0.10
fortinet fortimanager_firmware 5.2.0
fortinet fortimanager_firmware 5.2.1
fortinet fortianalyzer_firmware 5.0.0
fortinet fortianalyzer_firmware 5.0.1
fortinet fortianalyzer_firmware 5.0.10
fortinet fortianalyzer_firmware 5.2.0
fortinet fortianalyzer_firmware 5.2.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "83ADE078-F9B6-4E46-89AB-F9DE3A2EAF06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5DF6CBD-E8D8-40B7-9512-CD739D6FA918",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "42304E1B-C9BF-4CCE-A5C7-4FAC7E4C87E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "34B83D3F-23C8-4781-887C-1876B103A4B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC2F75CB-BC6D-434A-84C8-6290F4B6E8B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB152570-F07F-4706-9717-D31F5F31CDE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2A3410C-E673-49C1-AA2C-2BD77C68DCA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AFEA22C-D661-4859-86CE-329D23E3EF87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "72523D47-A6FA-48E8-B2D0-3563027CE35C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FE6366D-0535-4681-90F7-3AB9386184A2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B83E355-BA1A-47B3-AE43-04668C87FD8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EBA54E4-E824-4F68-94BF-D70F5A51B40F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4BA0949-E1B2-41F4-801C-1FF5FDD5FD8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B27A485B-71F5-485C-9F3C-691A4F1CA5A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E098F02-C9DA-4EC9-B13C-8DFD6735615F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the advanced dataset reports page in Fortinet FortiAnalyzer 5.0.0 through 5.0.10 and 5.2.0 through 5.2.1 and FortiManager 5.0.3 through 5.0.10 and 5.2.0 through 5.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en la p\u00e1gina de los informes de dataset avanzados en Fortinet FortiAnalyzer 5.0.0 hasta 5.0.10 y 5.2.0 hasta 5.2.1 y FortiManager 5.0.3 hasta 5.0.10 y 5.2.0 hasta 5.2.1 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2015-3620",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-05-12T19:59:23.043",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/131766/Fortinet-FortiAnalyzer-FortiManager-Cross-Site-Scripting.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://seclists.org/fulldisclosure/2015/May/13"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.fortiguard.com/advisory/FG-IR-15-005/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/535452/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/74646"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032262"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/131766/Fortinet-FortiAnalyzer-FortiManager-Cross-Site-Scripting.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://seclists.org/fulldisclosure/2015/May/13"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.fortiguard.com/advisory/FG-IR-15-005/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/535452/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/74646"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032262"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-08-19 21:59
Modified
2025-04-12 10:46
Severity ?
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
cve@mitre.orghttp://fortiguard.com/advisory/fortimanager-and-fortianalyzer-client-side-xss-vulnerabilityVendor Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/92453
cve@mitre.orghttp://www.securitytracker.com/id/1036550
af854a3a-2127-422b-91ae-364da2661108http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-client-side-xss-vulnerabilityVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/92453
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1036550
Impacted products
Vendor Product Version
fortinet fortimanager_firmware 5.0.0
fortinet fortimanager_firmware 5.0.1
fortinet fortimanager_firmware 5.0.2
fortinet fortimanager_firmware 5.0.3
fortinet fortimanager_firmware 5.0.4
fortinet fortimanager_firmware 5.0.5
fortinet fortimanager_firmware 5.0.6
fortinet fortimanager_firmware 5.0.7
fortinet fortimanager_firmware 5.0.8
fortinet fortimanager_firmware 5.0.9
fortinet fortimanager_firmware 5.0.10
fortinet fortimanager_firmware 5.0.11
fortinet fortimanager_firmware 5.2.0
fortinet fortimanager_firmware 5.2.1
fortinet fortimanager_firmware 5.2.2
fortinet fortimanager_firmware 5.2.3
fortinet fortimanager_firmware 5.2.4
fortinet fortimanager_firmware 5.2.5
fortinet fortianalyzer_firmware 5.0.0
fortinet fortianalyzer_firmware 5.0.2
fortinet fortianalyzer_firmware 5.0.3
fortinet fortianalyzer_firmware 5.0.4
fortinet fortianalyzer_firmware 5.0.5
fortinet fortianalyzer_firmware 5.0.6
fortinet fortianalyzer_firmware 5.0.7
fortinet fortianalyzer_firmware 5.0.8
fortinet fortianalyzer_firmware 5.0.9
fortinet fortianalyzer_firmware 5.0.10
fortinet fortianalyzer_firmware 5.0.11
fortinet fortianalyzer_firmware 5.0.12
fortinet fortianalyzer_firmware 5.2.0
fortinet fortianalyzer_firmware 5.2.1
fortinet fortianalyzer_firmware 5.2.2
fortinet fortianalyzer_firmware 5.2.3
fortinet fortianalyzer_firmware 5.2.4
fortinet fortianalyzer_firmware 5.2.5


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "833C89CE-43F0-4F6E-8A4F-504EA5F16319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C96F78B0-2F6E-4A28-B0B8-CCE3638DCCDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "68D3536B-652C-4642-9FF9-5A7CFDBB7DD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "83ADE078-F9B6-4E46-89AB-F9DE3A2EAF06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5DF6CBD-E8D8-40B7-9512-CD739D6FA918",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "42304E1B-C9BF-4CCE-A5C7-4FAC7E4C87E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "34B83D3F-23C8-4781-887C-1876B103A4B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC2F75CB-BC6D-434A-84C8-6290F4B6E8B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB152570-F07F-4706-9717-D31F5F31CDE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2A3410C-E673-49C1-AA2C-2BD77C68DCA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AFEA22C-D661-4859-86CE-329D23E3EF87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D9B23B1-A527-49B6-A6CB-CFFCF278B70E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "72523D47-A6FA-48E8-B2D0-3563027CE35C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FE6366D-0535-4681-90F7-3AB9386184A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F5BBE82-1D71-40EE-B506-1DD1066F537C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1A2A3F2-A908-4192-8032-F8FA3310B50A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B621447-97C3-42B4-92FF-3D5BEDE26A2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D281C46-3C6A-4ABA-B25C-1FA623F78566",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B83E355-BA1A-47B3-AE43-04668C87FD8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "378DE593-6514-4111-95DF-C881E163E6D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEAD4CF6-6654-4BCC-8EC4-5B11AF81C123",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C3F75D9-5719-4392-8FDE-DA1CFEE5BEFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "06360B2F-EE21-4E99-9931-E4C62B1D2C25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FEC6473-536E-4ADB-9BD1-8A75846A039E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "799DA4F4-F5DD-4D56-ACC0-C28891C27A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AD6F2AF-F98F-4113-94D8-1F3D26702D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "647BBA50-058A-4D8D-884A-83A818B90622",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4BA0949-E1B2-41F4-801C-1FF5FDD5FD8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "042001D0-4E10-488F-AB01-AFEB23D78C01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "728F1AAE-6156-443B-A5DA-990538432389",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B27A485B-71F5-485C-9F3C-691A4F1CA5A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E098F02-C9DA-4EC9-B13C-8DFD6735615F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF465F07-3786-4533-9B61-C8344DCB166F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D43C2347-D6F3-40A6-8E00-DD31F11A84BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A48CA4D3-FBD6-4048-8FFB-C0A874402E1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9636D8-7C3B-4504-9D1C-01AC471EAFAF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en la Web-UI en Fortinet FortiManager 5.x en versiones anteriores a 5.0.12 y 5.2.x en versiones anteriores a 5.2.6 y FortiAnalyzer 5.x en versiones anteriores a 5.0.13 y 5.2.x en versiones anteriores a 5.2.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2016-3195",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-08-19T21:59:07.430",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-client-side-xss-vulnerability"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/92453"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1036550"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-client-side-xss-vulnerability"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/92453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1036550"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-11-02 19:59
Modified
2025-04-12 10:46
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SOMVpnSSLPortalDialog or (2) FGDMngUpdHistory.
References
cve@mitre.orghttp://www.fortiguard.com/advisory/multiple-xss-vulnerabilities-in-fortimanager-guiVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.fortiguard.com/advisory/multiple-xss-vulnerabilities-in-fortimanager-guiVendor Advisory
Impacted products
Vendor Product Version
fortinet fortimanager_firmware *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E363057F-5252-4D5D-BDD2-1AA25B37B4E6",
              "versionEndIncluding": "5.2.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SOMVpnSSLPortalDialog or (2) FGDMngUpdHistory."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de XSS en la Graphical User Interface (GUI) en Fortinet FortiManager en versiones anteriores a 5.2.4 permiten a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de (1) SOMVpnSSLPortalDialog o (2) FGDMngUpdHistory."
    }
  ],
  "id": "CVE-2015-8037",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-11-02T19:59:17.190",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.fortiguard.com/advisory/multiple-xss-vulnerabilities-in-fortimanager-gui"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.fortiguard.com/advisory/multiple-xss-vulnerabilities-in-fortimanager-gui"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-02-13 15:59
Modified
2025-04-20 01:37
Severity ?
7.4 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows remote attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack via the Fortisandbox devices probing feature.
References
psirt@fortinet.comhttp://www.securityfocus.com/bid/96157Third Party Advisory, VDB Entry
psirt@fortinet.comhttp://www.securitytracker.com/id/1037805
psirt@fortinet.comhttps://fortiguard.com/advisory/FG-IR-16-055Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/96157Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1037805
af854a3a-2127-422b-91ae-364da2661108https://fortiguard.com/advisory/FG-IR-16-055Vendor Advisory
Impacted products
Vendor Product Version
fortinet fortimanager_firmware 5.0.3
fortinet fortimanager_firmware 5.0.4
fortinet fortimanager_firmware 5.0.5
fortinet fortimanager_firmware 5.0.6
fortinet fortimanager_firmware 5.0.7
fortinet fortimanager_firmware 5.0.8
fortinet fortimanager_firmware 5.0.9
fortinet fortimanager_firmware 5.0.10
fortinet fortimanager_firmware 5.0.11
fortinet fortimanager_firmware 5.2.0
fortinet fortimanager_firmware 5.2.1
fortinet fortimanager_firmware 5.2.2
fortinet fortimanager_firmware 5.2.3
fortinet fortimanager_firmware 5.2.4
fortinet fortimanager_firmware 5.2.6
fortinet fortimanager_firmware 5.2.7
fortinet fortimanager_firmware 5.4.0
fortinet fortimanager_firmware 5.4.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "83ADE078-F9B6-4E46-89AB-F9DE3A2EAF06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5DF6CBD-E8D8-40B7-9512-CD739D6FA918",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "42304E1B-C9BF-4CCE-A5C7-4FAC7E4C87E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "34B83D3F-23C8-4781-887C-1876B103A4B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC2F75CB-BC6D-434A-84C8-6290F4B6E8B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB152570-F07F-4706-9717-D31F5F31CDE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2A3410C-E673-49C1-AA2C-2BD77C68DCA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AFEA22C-D661-4859-86CE-329D23E3EF87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D9B23B1-A527-49B6-A6CB-CFFCF278B70E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "72523D47-A6FA-48E8-B2D0-3563027CE35C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FE6366D-0535-4681-90F7-3AB9386184A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F5BBE82-1D71-40EE-B506-1DD1066F537C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1A2A3F2-A908-4192-8032-F8FA3310B50A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B621447-97C3-42B4-92FF-3D5BEDE26A2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A9B31D5-E000-4378-A030-D3B47C6D1740",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CF01200-2392-43E7-9682-80CF1A235409",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C235585-4228-43B3-B2BB-06563B67F9E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B760F3B0-C81A-4B53-8D1E-384834D4A594",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows remote attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack via the Fortisandbox devices probing feature."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de validaci\u00f3n de certificado incorrecto en Fortinet FortiManager 5.0.6 hasta la versi\u00f3n 5.2.7 y 5.4.0 hasta la versi\u00f3n 5.4.1 permite a atacantes remotos suplantar una entidad de confianza utilizando un ataque man-in-the-middle (MITM) a trav\u00e9s de la funcionalidad de sondeo de dispositivos Fortisandbox."
    }
  ],
  "id": "CVE-2016-8495",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-02-13T15:59:00.167",
  "references": [
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/96157"
    },
    {
      "source": "psirt@fortinet.com",
      "url": "http://www.securitytracker.com/id/1037805"
    },
    {
      "source": "psirt@fortinet.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/advisory/FG-IR-16-055"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/96157"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037805"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/advisory/FG-IR-16-055"
    }
  ],
  "sourceIdentifier": "psirt@fortinet.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-11-02 19:59
Modified
2025-04-12 10:46
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) sharedjobmanager or (2) SOMServiceObjDialog.
References
cve@mitre.orghttp://www.fortiguard.com/advisory/multiple-xss-vulnerabilities-in-fortimanager-guiVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.fortiguard.com/advisory/multiple-xss-vulnerabilities-in-fortimanager-guiVendor Advisory
Impacted products
Vendor Product Version
fortinet fortimanager_firmware *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E363057F-5252-4D5D-BDD2-1AA25B37B4E6",
              "versionEndIncluding": "5.2.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) sharedjobmanager or (2) SOMServiceObjDialog."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de XSS en la Graphical User Interface (GUI) en Fortinet FortiManager en versiones anteriores a 5.2.4 permiten a atacantes remotos inyectar comandos web arbitrarios o HTML a trav\u00e9s de (1) sharedjobmanager o (2) SOMServiceObjDialog."
    }
  ],
  "id": "CVE-2015-8038",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-11-02T19:59:18.173",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.fortiguard.com/advisory/multiple-xss-vulnerabilities-in-fortimanager-gui"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.fortiguard.com/advisory/multiple-xss-vulnerabilities-in-fortimanager-gui"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-08-22 15:29
Modified
2025-04-20 01:37
Severity ?
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow local users to gain privileges via crafted CLI commands.
References
cve@mitre.orghttp://www.securityfocus.com/bid/74444Third Party Advisory, VDB Entry
cve@mitre.orghttp://www.securitytracker.com/id/1032188Third Party Advisory, VDB Entry
cve@mitre.orghttps://fortiguard.com/psirt/FG-IR-15-011Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/74444Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1032188Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://fortiguard.com/psirt/FG-IR-15-011Vendor Advisory
Impacted products
Vendor Product Version
fortinet fortimanager_firmware 5.0.0
fortinet fortimanager_firmware 5.0.1
fortinet fortimanager_firmware 5.0.2
fortinet fortimanager_firmware 5.0.3
fortinet fortimanager_firmware 5.0.4
fortinet fortimanager_firmware 5.0.5
fortinet fortimanager_firmware 5.0.6
fortinet fortimanager_firmware 5.0.7
fortinet fortimanager_firmware 5.0.8
fortinet fortimanager_firmware 5.0.9
fortinet fortimanager_firmware 5.0.10
fortinet fortimanager_firmware 5.2.0
fortinet fortimanager_firmware 5.2.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "833C89CE-43F0-4F6E-8A4F-504EA5F16319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C96F78B0-2F6E-4A28-B0B8-CCE3638DCCDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "68D3536B-652C-4642-9FF9-5A7CFDBB7DD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "83ADE078-F9B6-4E46-89AB-F9DE3A2EAF06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5DF6CBD-E8D8-40B7-9512-CD739D6FA918",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "42304E1B-C9BF-4CCE-A5C7-4FAC7E4C87E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "34B83D3F-23C8-4781-887C-1876B103A4B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC2F75CB-BC6D-434A-84C8-6290F4B6E8B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB152570-F07F-4706-9717-D31F5F31CDE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2A3410C-E673-49C1-AA2C-2BD77C68DCA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AFEA22C-D661-4859-86CE-329D23E3EF87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "72523D47-A6FA-48E8-B2D0-3563027CE35C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FE6366D-0535-4681-90F7-3AB9386184A2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow local users to gain privileges via crafted CLI commands."
    },
    {
      "lang": "es",
      "value": "Fortinet FortiManager 5.0 en versiones anteriores a la 5.0.11 y 5.2 en versiones anteriores a la 5.2.2 permite que usuarios locales obtengan privilegios mediante comandos CLI manipulados."
    }
  ],
  "id": "CVE-2015-3617",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-22T15:29:00.290",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/74444"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032188"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/psirt/FG-IR-15-011"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/74444"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032188"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.com/psirt/FG-IR-15-011"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-10-07 14:59
Modified
2025-04-12 10:46
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters.
References
cve@mitre.orghttp://fortiguard.com/advisory/fortianalyzer-and-fortimanager-stored-xss-vulnerability-in-report-filtersVendor Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/93413
cve@mitre.orghttp://www.securitytracker.com/id/1036981
cve@mitre.orghttp://www.securitytracker.com/id/1036982
af854a3a-2127-422b-91ae-364da2661108http://fortiguard.com/advisory/fortianalyzer-and-fortimanager-stored-xss-vulnerability-in-report-filtersVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/93413
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1036981
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1036982
Impacted products
Vendor Product Version
fortinet fortimanager_firmware 5.0.0
fortinet fortimanager_firmware 5.0.1
fortinet fortimanager_firmware 5.0.2
fortinet fortimanager_firmware 5.0.3
fortinet fortimanager_firmware 5.0.4
fortinet fortimanager_firmware 5.0.5
fortinet fortimanager_firmware 5.0.6
fortinet fortimanager_firmware 5.0.7
fortinet fortimanager_firmware 5.0.8
fortinet fortimanager_firmware 5.0.9
fortinet fortimanager_firmware 5.0.10
fortinet fortimanager_firmware 5.0.11
fortinet fortimanager_firmware 5.2.0
fortinet fortimanager_firmware 5.2.1
fortinet fortimanager -
fortinet fortianalyzer_firmware 5.0.0
fortinet fortianalyzer_firmware 5.0.1
fortinet fortianalyzer_firmware 5.0.2
fortinet fortianalyzer_firmware 5.0.3
fortinet fortianalyzer_firmware 5.0.4
fortinet fortianalyzer_firmware 5.0.5
fortinet fortianalyzer_firmware 5.0.6
fortinet fortianalyzer_firmware 5.0.7
fortinet fortianalyzer_firmware 5.0.8
fortinet fortianalyzer_firmware 5.0.9
fortinet fortianalyzer_firmware 5.0.10
fortinet fortianalyzer_firmware 5.0.11
fortinet fortianalyzer_firmware 5.0.12
fortinet fortianalyzer_firmware 5.2.0
fortinet fortianalyzer_firmware 5.2.1
fortinet fortianalyzer_firmware 5.2.2
fortinet fortianalyzer -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "833C89CE-43F0-4F6E-8A4F-504EA5F16319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C96F78B0-2F6E-4A28-B0B8-CCE3638DCCDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "68D3536B-652C-4642-9FF9-5A7CFDBB7DD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "83ADE078-F9B6-4E46-89AB-F9DE3A2EAF06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5DF6CBD-E8D8-40B7-9512-CD739D6FA918",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "42304E1B-C9BF-4CCE-A5C7-4FAC7E4C87E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "34B83D3F-23C8-4781-887C-1876B103A4B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC2F75CB-BC6D-434A-84C8-6290F4B6E8B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB152570-F07F-4706-9717-D31F5F31CDE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2A3410C-E673-49C1-AA2C-2BD77C68DCA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AFEA22C-D661-4859-86CE-329D23E3EF87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D9B23B1-A527-49B6-A6CB-CFFCF278B70E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "72523D47-A6FA-48E8-B2D0-3563027CE35C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FE6366D-0535-4681-90F7-3AB9386184A2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fortinet:fortimanager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A46415B-E9D2-463D-AE16-D51DEEC23690",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B83E355-BA1A-47B3-AE43-04668C87FD8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EBA54E4-E824-4F68-94BF-D70F5A51B40F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "378DE593-6514-4111-95DF-C881E163E6D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEAD4CF6-6654-4BCC-8EC4-5B11AF81C123",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C3F75D9-5719-4392-8FDE-DA1CFEE5BEFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "06360B2F-EE21-4E99-9931-E4C62B1D2C25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FEC6473-536E-4ADB-9BD1-8A75846A039E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "799DA4F4-F5DD-4D56-ACC0-C28891C27A57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AD6F2AF-F98F-4113-94D8-1F3D26702D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "647BBA50-058A-4D8D-884A-83A818B90622",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4BA0949-E1B2-41F4-801C-1FF5FDD5FD8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "042001D0-4E10-488F-AB01-AFEB23D78C01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "728F1AAE-6156-443B-A5DA-990538432389",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B27A485B-71F5-485C-9F3C-691A4F1CA5A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E098F02-C9DA-4EC9-B13C-8DFD6735615F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF465F07-3786-4533-9B61-C8344DCB166F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fortinet:fortianalyzer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "156CCFE2-8ED2-417E-8A32-C3AB1DD97C8B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en la p\u00e1gina de configuraci\u00f3n avanzada en Fortinet FortiManager 5.x en versiones anteriores a 5.0.12 y 5.2.x en versiones anteriores a 5.2.3, en los modelos de hardware con un disco duro y FortiAnalyzer 5.x en versiones anteriores a 5.0.13 y 5.2.x en versiones anteriores a 5.2.3 permite a administradores remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores relacionados con filtros de informe."
    }
  ],
  "id": "CVE-2015-7363",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-10-07T14:59:02.677",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://fortiguard.com/advisory/fortianalyzer-and-fortimanager-stored-xss-vulnerability-in-report-filters"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/93413"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1036981"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1036982"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://fortiguard.com/advisory/fortianalyzer-and-fortimanager-stored-xss-vulnerability-in-report-filters"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/93413"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1036981"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1036982"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}