Fortinet: >> Fortiweb >> 7.0.3 Security Vulnerabilities
An improper neutralization of input during web page generation [CWE-79] in the FortiWeb web interface 7.0.0 through 7.0.3, 6.3.0 through 6.3.21, 6.4 all versions, 6.2 all versions, 6.1 all versions and 6.0 all versions may allow an unauthenticated and remote attacker to perform a reflected cross site scripting attack (XSS) via injecting malicious payload in log entries used to build report.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-04-11
An unauthorized configuration download vulnerability in FortiWeb 6.3.6 through 6.3.21, 6.4.0 through 6.4.2 and 7.0.0 through 7.0.4 may allow a local attacker to access confidential configuration files via a crafted http request.
CVSS Score
7.0
EPSS Score
0.001
Published
2023-02-27
A double free in Fortinet FortiWeb version 7.0.0 through 7.0.3 may allows attacker to execute unauthorized code or commands via specially crafted commands
CVSS Score
7.8
EPSS Score
0.001
Published
2023-02-16
Page 4