Fortinet FortiWeb
124 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE | Affected versions | CVSS | Severity | Description
CVE-2026-40688 | >= 7.4.0 and < 7.4.12 | 7.2 | HIGH | An out-of-bounds write vulnerability [CWE-787] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.
CVE-2026-39814 | >= 7.0.10 and <= 7.0.12 | 6.7 | MEDIUM | A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.1 thr
CVE-2026-39811 | >= 7.0.0 and <= 7.0.13 | 4.9 | MEDIUM | An integer overflow or wraparound vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.
CVE-2026-30897 | >= 7.0.0 and < 7.4.12 | 6.6 | MEDIUM | A stack-based buffer overflow vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0
CVE-2026-24641 | >= 7.0.0 and < 7.6.7 | 2.7 | LOW | A NULL Pointer Dereference vulnerability [CWE-476] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through
CVE-2026-24640 | >= 7.0.2 and <= 7.0.12 | 6.6 | MEDIUM | A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 throu
CVE-2026-24017 | >= 7.0.0 and < 7.0.12 | 8.1 | HIGH | An Improper Control of Interaction Frequency vulnerability [CWE-799] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, Forti
CVE-2025-66178 | >= 7.0.0 and < 7.0.13 | 7.2 | HIGH | An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiWeb 8.
CVE-2025-48840 | >= 7.0.0 and < 7.4.9 | 5.3 | MEDIUM | An authentication bypass by spoofing vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.8, FortiWe
CVE-2026-24858 | >= 7.4.0 and <= 7.4.11 | 9.8 | CRITICAL | An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0
CVE-2025-64471 | >= 7.0.0 and <= 7.0.11 | 4.9 | MEDIUM | A use of password hash instead of password for authentication vulnerability [CWE-836] vulnerability in Fortinet FortiWeb 8.0.0 thr
CVE-2025-64447 | >= 7.0.0 and <= 7.0.11 | 8.1 | HIGH | A reliance on cookies without validation and integrity checking vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7
CVE-2025-59719 | >= 7.4.0 and <= 7.4.9 | 9.8 | CRITICAL | An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiW
CVE-2025-59669 | >= 7.0.0 and < 7.6.1 | 5.3 | MEDIUM | A use of hard-coded credentials vulnerability in Fortinet FortiWeb 7.6.0, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, Fo
CVE-2025-58034 | >= 7.0.0 and < 7.0.12 | 7.2 | HIGH | An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vulnerability
CVE-2025-64446 | >= 7.0.0 and < 7.0.12 | 9.8 | CRITICAL | A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 thr
CVE-2024-47569 | >= 6.4.0 and < 7.4.5 | 4.3 | MEDIUM | An insertion of sensitive information into sent data vulnerability in Fortinet FortiMail 7.4.0 through 7.4.2, FortiMail 7.2.0 throu
CVE-2025-53609 | >= 7.0.2 and < 7.2.12 | 4.9 | MEDIUM | A Relative Path Traversal vulnerability [CWE-23] in FortiWeb 7.6.0 through 7.6.4, 7.4.0 through 7.4.8, 7.2.0 through 7.2.11, 7.0.2
CVE-2025-52970 | >= 7.0.0 and < 7.0.11 | 8.1 | HIGH | An improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and bel
CVE-2025-47857 | >= 7.4.1 and < 7.4.9 | 6.7 | MEDIUM | An improper neutralization of special elements used in an os command ('os command injection') vulnerability [CWE-78] in Fortinet Fo
CVE-2025-32766 | >= 7.4.1 and < 7.4.9 | 6.4 | MEDIUM | A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows
CVE-2025-27759 | >= 7.0.0 and < 7.0.11 | 6.7 | MEDIUM | An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet F
CVE-2025-25257 | >= 7.0.0 and < 7.0.11 | 9.8 | CRITICAL | An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fo
CVE-2025-22254 | >= 7.4.0 and < 7.4.7 | 6.6 | MEDIUM | An Improper Privilege Management vulnerability [CWE-269] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 thro
CVE-2025-25254 | >= 7.0.0 and < 7.4.7 | 7.2 | HIGH | An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb version 7.6.2
CVE-2024-50565 | >= 7.4.0 and < 7.4.3 | 3.1 | LOW | An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 th
CVE-2024-46671 | >= 7.0.0 and < 7.2.11 | 6.2 | MEDIUM | An Incorrect User Management vulnerability [CWE-286] in FortiWeb version 7.6.2 and below, version 7.4.6 and below, version 7.2.10
CVE-2024-26013 | >= 7.4.0 and < 7.4.3 | 7.5 | HIGH | An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 th
CVE-2023-25610 | >= 6.1.0 and < 6.1.4 | 9.8 | CRITICAL | A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7
CVE-2024-55594 | >= 7.0.0 and < 7.4.7 | 5.6 | MEDIUM | An improper handling of syntactically invalid structure in Fortinet FortiWeb at least versions 7.4.0 through 7.4.6 and 7.2.0 throu
CVE-2022-29059 | >= 6.2.3 and <= 6.2.7 | 2.7 | LOW | An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in FortiWeb versio
CVE-2024-55597 | >= 7.0.0 and < 7.4.6 | 5.5 | MEDIUM | An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiWeb versions 7.0.0 through 7.6.0
CVE-2024-45324 | >= 7.0.0 and < 7.0.11 | 7.2 | HIGH | A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through
CVE-2023-42784 | >= 7.0.0 and < 7.4.7 | 5.6 | MEDIUM | An improper handling of syntactically invalid structure in Fortinet FortiWeb at least versions 7.4.0 through 7.4.6 and 7.2.0 throug
CVE-2024-50569 | >= 7.0.0 and < 7.4.6 | 6.6 | MEDIUM | An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb 7.0.0 through 7.
CVE-2024-50567 | >= 7.0.0 and < 7.4.6 | 7.2 | HIGH | An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb 7.4.0 through 7
CVE-2024-48885 | >= 6.4.0 and < 7.4.5 | 5.3 | MEDIUM | An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiRecorder 7.2.0 thr
CVE-2024-55593 | >= 6.3.6 and < 7.6.2 | 2.7 | LOW | An improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWeb versions 6.3.17 throug
CVE-2024-48884 | >= 6.4.0 and < 7.4.5 | 7.5 | HIGH | An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiManager 7.6.0 thro
CVE-2024-21758 | >= 7.2.0 and < 7.2.8 | 6.4 | MEDIUM | A stack-based buffer overflow in Fortinet FortiWeb versions 7.2.0 through 7.2.7, and 7.4.0 through 7.4.1 may allow a privileged us
CVE-2024-36509 | >= 6.3.0 and < 7.4.4 | 4.2 | MEDIUM | An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiWeb version 7.6.0, v
CVE-2024-33509 | >= 6.3.0 and < 7.2.2 | 4.8 | MEDIUM | An improper certificate validation vulnerability [CWE-295] in FortiWeb 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions and
CVE-2024-23665 | >= 6.3.0 and <= 6.3.23 | 5.9 | MEDIUM | Multiple improper authorization vulnerabilities [CWE-285] in FortiWeb version 7.4.2 and below, version 7.2.7 and below, version 7.
CVE-2024-23107 | >= 6.3.0 and <= 6.3.23 | 5.5 | MEDIUM | An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiWeb version 7.4.0, version 7.2.4 and
CVE-2023-46713 | >= 6.2.0 and <= 6.2.8 | 5.3 | MEDIUM | An improper output neutralization for logs in Fortinet FortiWeb 6.2.0 - 6.2.8, 6.3.0 - 6.3.23, 7.0.0 - 7.0.9, 7.2.0 - 7.2.5 and 7.
CVE-2023-34984 | >= 6.3.6 and <= 6.3.23 | 7.5 | HIGH | A protection mechanism failure in Fortinet FortiWeb 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.0 through 6.4.3, 6.3.6 through 6
CVE-2023-23777 | >= 6.3.6 and <= 6.3.18 | 7.2 | HIGH | An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiWeb v
CVE-2023-33305 | >= 6.3.0 and <= 6.3.23 | 4.9 | MEDIUM | A loop with unreachable exit condition ('infinite loop') in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS version 7.0.0 th
CVE-2022-43955 | >= 6.0.0 and <= 6.2.7 | 8.8 | HIGH | An improper neutralization of input during web page generation [CWE-79] in the FortiWeb web interface 7.0.0 through 7.0.3, 6.3.0 t
CVE-2022-43948 | >= 7.0.0 and < 7.0.4 | 6.7 | MEDIUM | An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 7.0.0 th
CVE-2022-39951 | >= 6.3.6 and <= 6.3.20 | 7.2 | HIGH | An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 7.0.0 th
CVE-2022-22297 | >= 6.0.0 and <= 6.0.8 | 5.5 | MEDIUM | An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of Fo
CVE-2023-22636 | >= 6.3.6 and <= 6.3.21 | 7.0 | HIGH | An unauthorized configuration download vulnerability in FortiWeb 6.3.6 through 6.3.21, 6.4.0 through 6.4.2 and 7.0.0 through 7.0.4
CVE-2023-25602 | >= 5.6.0 and < 5.9.2 | 7.8 | HIGH | A stack-based buffer overflow in Fortinet FortiWeb 6.4 all versions, FortiWeb versions 6.3.17 and earlier, FortiWeb versions 6.2.6
CVE-2023-23784 | >= 6.3.6 and < 6.3.21 | 5.7 | MEDIUM | A relative path traversal in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, FortiWeb 6.4 al
CVE-2023-23783 | >= 6.4.0 and < 6.4.2 | 6.7 | MEDIUM | A use of externally-controlled format string in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb 6.4 all versions allows at
CVE-2023-23782 | >= 6.0.0 and <= 6.2.7 | 7.8 | HIGH | A heap-based buffer overflow in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb version 6.3.0 through 6.3.19, FortiWeb 6.4
CVE-2023-23781 | >= 6.3.0 and < 6.3.20 | 6.4 | MEDIUM | A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and be
CVE-2023-23780 | >= 6.3.0 and < 6.3.20 | 8.0 | HIGH | A stack-based buffer overflow in Fortinet FortiWeb version 7.0.0 through 7.0.1, Fortinet FortiWeb version 6.3.6 through 6.3.19, Fo
CVE-2023-23779 | >= 6.3.6 and <= 6.3.19 | 6.8 | MEDIUM | Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Fo
CVE-2023-23778 | >= 6.2.3 and <= 6.2.7 | 4.9 | MEDIUM | A relative path traversal vulnerability [CWE-23] in FortiWeb version 7.0.1 and below, 6.4 all versions, 6.3 all versions, 6.2 all
CVE-2022-40683 | >= 7.0.0 and <= 7.0.3 | 7.8 | HIGH | A double free in Fortinet FortiWeb version 7.0.0 through 7.0.3 may allow attacker to execute unauthorized code or commands via sp
CVE-2022-33871 | >= 6.3.6 and < 6.3.20 | 6.6 | MEDIUM | A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb version 7.0.1 and earlier, 6.4 all versions, version 6.3.19 and
CVE-2022-30306 | >= 6.3.6 and < 6.3.20 | 6.6 | MEDIUM | A stack-based buffer overflow vulnerability [CWE-121] in the CA sign functionality of FortiWeb version 7.0.1 and below, 6.4 all ve
CVE-2022-30303 | >= 6.3.0 and < 6.3.20 | 8.8 | HIGH | An improper neutralization of special elements used in an os command ('OS Command Injection') [CWE-78] in FortiWeb 7.0.0 through
CVE-2022-30300 | >= 6.3.6 and < 6.3.19 | 6.5 | MEDIUM | A relative path traversal vulnerability [CWE-23] in FortiWeb 7.0.0 through 7.0.1, 6.3.6 through 6.3.18, 6.4 all versions may allow
CVE-2022-30299 | >= 6.0.0 and <= 6.0.8 | 5.3 | MEDIUM | A path traversal vulnerability [CWE-23] in the API of FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions, 6.2 al
CVE-2021-43074 | >= 6.0.0 and < 6.3.17 | 4.3 | MEDIUM | An improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6.4 all versions, 6.3.16 and below, 6.2 al
CVE-2021-42761 | >= 5.6.0 and < 5.9.2 | 9.0 | CRITICAL | A condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb versions 6.4 all versions, 6.3.0
CVE-2021-42756 | >= 5.6.0 and < 6.0.8 | 9.8 | CRITICAL | Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 and below
CVE-2022-42471 | >= 6.3.6 and <= 6.3.21 | 5.4 | MEDIUM | An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] in FortiWeb versi
CVE-2021-41026 | >= 6.3.0 and < 6.3.16 | 6.5 | MEDIUM | A relative path traversal in FortiWeb versions 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an authenticated attacker to retri
CVE-2021-41018 | >= 6.2.0 and < 6.2.7 | 8.8 | HIGH | An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 6.4.1 an
CVE-2021-36193 | >= 5.0.0 and < 6.2.6 | 6.7 | MEDIUM | Multiple stack-based buffer overflows in the command line interpreter of FortiWeb before 6.4.2 may allow an authenticated attacke
CVE-2021-43073 | >= 5.8.0 and < 6.2.7 | 8.8 | HIGH | An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 6.4.1 an
CVE-2021-42753 | >= 5.8.0 and < 6.3.16 | 8.1 | HIGH | An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb management in
CVE-2021-43071 | >= 6.2.0 and <= 6.2.6 | 8.8 | HIGH | A heap-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allow
CVE-2021-36194 | >= 6.3.0 and <= 6.3.15 | 8.8 | HIGH | Multiple stack-based buffer overflows in the API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an authe
CVE-2021-41025 | >= 6.0.0 and <= 6.0.7 | 7.3 | HIGH | Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 t
CVE-2021-41017 | >= 6.3.0 and <= 6.3.15 | 8.8 | HIGH | Multiple heap-based buffer overflow vulnerabilities in some web API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15
CVE-2021-36195 | >= 6.2.0 and <= 6.2.5 | 4.2 | MEDIUM | Multiple command injection vulnerabilities in the command line interpreter of FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15
CVE-2021-41013 | >= 6.3.0 and <= 6.3.15 | 5.3 | MEDIUM | An improper access control vulnerability [CWE-284] in FortiWeb versions 6.4.1 and below and 6.3.15 and below in the Report Browse
CVE-2021-36188 | >= 6.0.0 and <= 6.2.5 | 6.1 | MEDIUM | An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and belo
CVE-2021-43063 | >= 6.2.0 and <= 6.2.6 | 6.1 | MEDIUM | An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and 6.4.
CVE-2021-36190 | >= 6.0.0 and <= 6.0.7 | 5.5 | MEDIUM | An unintended proxy or intermediary ('confused deputy') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an un
CVE-2021-43064 | >= 6.2.0 and <= 6.2.6 | 4.3 | MEDIUM | A url redirection to untrusted site ('open redirect') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, vers
CVE-2021-41027 | all versions | 7.3 | HIGH | A stack-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, allows an authenticated attacker to execute unauthoriz
CVE-2021-41015 | all versions | 6.1 | MEDIUM | An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and belo
CVE-2021-41014 | >= 6.0.0 and <= 6.0.7 | 7.5 | HIGH | An uncontrolled resource consumption in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated attac
CVE-2021-36191 | >= 6.0.0 and <= 6.0.7 | 4.1 | MEDIUM | A url redirection to untrusted site ('open redirect') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attack
CVE-2021-32591 | >= 5.7.0 and <= 5.7.3 | 5.3 | MEDIUM | A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox befor
CVE-2021-42757 | >= 5.0.0 and <= 6.3.16 | 6.7 | MEDIUM | A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authe
CVE-2021-36180 | >= 5.8.0 and <= 5.8.6 | 8.1 | HIGH | Multiple improper neutralization of special elements used in a command vulnerabilities [CWE-77] in FortiWeb management interface 6
CVE-2021-36187 | >= 6.2.0 and <= 6.2.5 | 5.3 | MEDIUM | An uncontrolled resource consumption in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows attacker
CVE-2021-36186 | >= 6.2.0 and <= 6.2.5 | 8.8 | HIGH | A stack-based buffer overflow in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows attacker to exe
CVE-2021-36175 | >= 6.0.0 and < 6.2.4 | 4.1 | MEDIUM | An improper neutralization of input vulnerability [CWE-79] in FortiWebManager versions 6.2.3 and below, 6.0.2 and below may allow
CVE-2021-36182 | <= 6.2.4 | 8.8 | HIGH | An improper neutralization of special elements used in a command ('Command Injection') in Fortinet FortiWeb version 6.3.13 and belo
CVE-2021-36179 | <= 6.2.4 | 8.0 | HIGH | A stack-based buffer overflow in Fortinet FortiWeb version 6.3.14 and below, 6.2.4 and below allows attacker to execute unauthoriz
CVE-2021-22123 | >= 5.9.0 and < 6.2.4 | 7.6 | HIGH | An OS command injection vulnerability in FortiWeb's management interface 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9.x may
CVE-2020-15942 | >= 6.2.0 and <= 6.2.3 | 4.3 | MEDIUM | An information disclosure vulnerability in Web Vulnerability Scan profile of Fortinet's FortiWeb version 6.2.x below 6.2.4 and ver
CVE-2021-22122 | <= 6.2.3 | 6.1 | MEDIUM | An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 through 6.3.7 and version before 6.
CVE-2020-29019 | < 6.2.4 | 5.3 | MEDIUM | A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow a remote, unauthent
CVE-2020-29018 | >= 6.3.0 and <= 6.3.5 | 8.8 | HIGH | A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of m
CVE-2020-29016 | < 6.2.4 | 9.8 | CRITICAL | A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.5 and version before 6.2.4 may allow an unauthenticated,
CVE-2020-29015 | < 6.2.4 | 9.8 | CRITICAL | A blind SQL injection in the user interface of FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated,
CVE-2020-6646 | <= 6.2.2 | 5.4 | MEDIUM | An improper neutralization of input vulnerability in FortiWeb allows a remote authenticated attacker to perform a stored cross sit
CVE-2019-16157 | <= 6.2.0 | 6.5 | MEDIUM | An information exposure vulnerability in Fortinet FortiWeb 6.2.0 CLI and earlier may allow an authenticated user to view sensitive
CVE-2019-16156 | >= 6.0.0 and <= 6.0.5 | 6.1 | MEDIUM | An Improper Neutralization of Input vulnerability in the Anomaly Detection Parameter Name in Fortinet FortiWeb 6.0.5, 6.2.0, and 6
CVE-2019-5590 | <= 6.0.2 | 6.1 | MEDIUM | The URL part of the report message is not encoded in Fortinet FortiWeb 6.0.2 and below which may allow an attacker to execute unau
CVE-2017-14191 | >= 5.6.0 and < 6.1.0 | 5.9 | MEDIUM | An Improper Access Control vulnerability in Fortinet FortiWeb 5.6.0 up to but not including 6.1.0 under "Signed Security Mode", al
CVE-2012-6346 | < 4.4.4 | 6.1 | MEDIUM | Multiple cross-site scripting (XSS) vulnerabilities in FortiWeb before 4.4.4 allow remote attackers to inject arbitrary web script
CVE-2017-7736 | <= 5.7.1 | 5.4 | MEDIUM | A stored Cross-site Scripting (XSS) vulnerability in Fortinet FortiWeb webUI Certificate View page in 5.8.0, 5.7.1 and earlier, al
CVE-2017-7737 | <= 5.8.2 | 4.9 | MEDIUM | An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and below versions allows logged-in admin user to view SNMPv3 u
CVE-2017-3129 | <= 5.7.1 | 6.1 | MEDIUM | A Cross-Site Scripting vulnerability in Fortinet FortiWeb versions 5.7.1 and below allows attacker to execute unauthorized code or
CVE-2016-5092 | <= 5.5.2 | 4.9 | MEDIUM | Directory traversal vulnerability in Fortinet FortiWeb before 5.5.3 allows remote authenticated administrators with read and write
CVE-2016-4066 | <= 5.5.2 | 8.8 | HIGH | Cross-site request forgery (CSRF) vulnerability in Fortinet FortiWeb before 5.5.3 allows remote attackers to hijack the authentica
CVE-2014-8619 | all versions | - | - | Cross-site scripting (XSS) vulnerability in the autolearn configuration page in Fortinet FortiWeb 5.1.2 through 5.3.4 allows remot
CVE-2014-4738 | all versions | - | - | Multiple cross-site scripting (XSS) vulnerabilities in FortiGuard FortiWeb 5.0.x, 5.1.x, and 5.2.x before 5.2.1 allow remote attac
CVE-2014-3115 | <= 5.1.4 | - | - | Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Fortinet FortiWeb before 5.2.0 all
CVE-2014-1957 | <= 5.0.2 | - | - | FortiGuard FortiWeb before 5.0.3 allows remote authenticated users to gain privileges via unspecified vectors.
CVE-2014-1956 | <= 5.0.2 | - | - | CRLF injection vulnerability in FortiGuard FortiWeb before 5.0.3 allows remote attackers to inject arbitrary HTTP headers and cond
CVE-2014-1955 | <= 5.0.2 | - | - | Cross-site scripting (XSS) vulnerability in FortiGuard FortiWeb before 5.0.3 allows remote attackers to inject arbitrary web scrip
CVE-2014-1458 | <= 5.0.3 | - | - | Cross-site scripting (XSS) vulnerability in the web administration interface in FortiGuard FortiWeb 5.0.3 and earlier allows remot
CVE-2013-7181 | all versions | - | - | Cross-site scripting (XSS) vulnerability in user/ldap_user/add in Fortinet FortiOS 5.0.3 allows remote attackers to inject arbitra
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin