CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Fortinet: >> Fortinac >> 9.4.3 Security Vulnerabilities

CVE-2023-33300

A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiNAC 7.2.1 and earlier, 9.4.3 and earlier allows attacker a limited, unauthorized file access via specifically crafted request in inter-server communication port.

CVSS Score

5.3

EPSS Score

0.075

Published

2025-03-14

CVE-2024-31488

An improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC version 9.4.0 through 9.4.4, 9.2.0 through 9.2.8, 9.1.0 through 9.1.10, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 7.2.0 through 7.2.3 may allow a remote authenticated attacker to perform stored and reflected cross site scripting (XSS) attack via crafted HTTP requests.

CVSS Score

6.8

EPSS Score

0.005

Published

2024-05-14

Page 1

Vulnerabilities

Vulnerable Software

Fortinet: >> Fortinac >> 9.4.3 Security Vulnerabilities

Products

Pricing

Contact Us