CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Fortinet: >> Fortiweb >> 6.3.0 Security Vulnerabilities

CVE-2020-29015

A blind SQL injection in the user interface of FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to execute arbitrary SQL queries or commands by sending a request with a crafted Authorization header containing a malicious SQL statement.

CVSS Score

9.8

EPSS Score

0.015

Published

2021-01-14

CVE-2020-6646

An improper neutralization of input vulnerability in FortiWeb allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the Disclaimer Description of a Replacement Message.

CVSS Score

5.4

EPSS Score

0.002

Published

2020-03-17

Page 6

Vulnerabilities

Vulnerable Software

Fortinet: >> Fortiweb >> 6.3.0 Security Vulnerabilities

Products

Pricing

Contact Us