Fortinet: >> Fortiweb >> 6.0.0 Security Vulnerabilities
The URL part of the report message is not encoded in Fortinet FortiWeb 6.0.2 and below which may allow an attacker to execute unauthorized code or commands (Cross Site Scripting) via attack reports generated in HTML form.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-08-28
An Improper Access Control vulnerability in Fortinet FortiWeb 5.6.0 up to but not including 6.1.0 under "Signed Security Mode", allows attacker to bypass the signed user cookie protection by removing the FortiWeb own protection session cookie.
CVSS Score
5.9
EPSS Score
0.002
Published
2018-03-20
Page 4