cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-35280,https://securityvulnerability.io/vulnerability/CVE-2024-35280,Cross-Site Scripting Vulnerability in Fortinet FortiDeceptor,"An improper neutralization of input during web page generation in Fortinet's FortiDeceptor can lead to a reflected cross-site scripting attack. This vulnerability allows an attacker to manipulate recovery endpoints, potentially executing malicious scripts in the context of the victim's browser, thereby compromising user data and system integrity. The affected versions of FortiDeceptor include all versions of 3.x, 4.x, 5.0, 5.1 and specific versions 5.2.0 and 5.3.0. To mitigate the risks, users are advised to apply the recommended patches and implement necessary security measures.",Fortinet,Fortideceptor,6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-15T10:07:14.953Z,0
CVE-2022-27487,https://securityvulnerability.io/vulnerability/CVE-2022-27487,Improper Privilege Management in Fortinet FortiSandbox and FortiDeceptor,"The vulnerability identified in Fortinet's FortiSandbox and FortiDeceptor products exposes them to the risk of unauthorized API calls. Remote authenticated attackers can exploit this weakness by sending carefully crafted HTTP or HTTPS requests. This flaw could lead to significant security concerns, as it undermines the integrity of the permission mechanisms, potentially allowing unauthorized actions within the affected systems.",Fortinet,"Fortideceptor,Fortisandbox",8.3,HIGH,0.002240000059828162,false,,false,false,false,,,false,false,,2023-04-11T16:06:58.797Z,0
CVE-2023-26209,https://securityvulnerability.io/vulnerability/CVE-2023-26209,Improper Authentication Limitations in Fortinet FortiDeceptor Product,"An improper restriction of excessive authentication attempts in Fortinet FortiDeceptor allows remote unauthenticated attackers to send numerous HTTP requests to the login form. This can lead to partial exhaustion of the system's CPU and memory resources, potentially disrupting its availability. Organizations using FortiDeceptor 3.1.x and earlier versions should take immediate action to patch this vulnerability to mitigate the impact of such attacks.",Fortinet,Fortideceptor,3.5,LOW,0.0014299999456852674,false,,false,false,false,,,false,false,,2023-03-09T15:15:00.000Z,0
CVE-2022-30305,https://securityvulnerability.io/vulnerability/CVE-2022-30305,Insufficient Logging Vulnerability in FortiSandbox and FortiDeceptor Products,"An insufficient logging vulnerability exists in specific versions of FortiSandbox and FortiDeceptor that could allow attackers to repeatedly enter incorrect credentials without any log entry being generated. This flaw also permits an unlimited number of failed login attempts, which potentially enables unauthorized access to systems. As a result, it is imperative for users to assess their security posture and implement necessary safeguards to mitigate this risk.",Fortinet,"Fortisandbox,Fortideceptor",3.6,LOW,0.0014299999456852674,false,,false,false,false,,,false,false,,2022-12-06T16:00:54.500Z,0
CVE-2022-38373,https://securityvulnerability.io/vulnerability/CVE-2022-38373,Cross-Site Scripting Vulnerability in FortiDeceptor Management Interface by Fortinet,"A vulnerability has been identified in the FortiDeceptor management interface where improper neutralization of input can lead to cross-site scripting (XSS) attacks. Authenticated users exploiting this flaw can send requests containing specially crafted lure resource IDs, potentially compromising the integrity of the web application and exposing sensitive information.",Fortinet,Fortinet Fortideceptor,8,HIGH,0.000539999979082495,false,,false,false,false,,,false,false,,2022-11-02T00:00:00.000Z,0
CVE-2022-30302,https://securityvulnerability.io/vulnerability/CVE-2022-30302,Multiple Path Traversal Vulnerabilities in FortiDeceptor Management Interface,"FortiDeceptor contains multiple vulnerabilities allowing remote and authenticated attackers to exploit relative path traversal. This can enable unauthorized access to sensitive files and the ability to remove arbitrary files from the system. Attackers may leverage specially crafted web requests to manipulate file paths, posing significant risks to system integrity and data confidentiality.",Fortinet,Fortinet Fortideceptor,6.5,MEDIUM,0.0007999999797903001,false,,false,false,false,,,false,false,,2022-07-19T14:15:00.000Z,0
CVE-2020-29017,https://securityvulnerability.io/vulnerability/CVE-2020-29017,OS Command Injection Vulnerability in FortiDeceptor by Fortinet,"FortiDeceptor versions 3.1.0, 3.0.1, and 3.0.0 contain an OS command injection vulnerability that may allow an authenticated remote attacker to execute arbitrary commands on the affected system. This can be exploited through the Customization page, potentially leading to unauthorized access and control over the system.",Fortinet,Fortinet Fortideceptor,8.8,HIGH,0.002400000113993883,false,,false,false,false,,,false,false,,2021-01-14T16:03:12.000Z,0
CVE-2020-6644,https://securityvulnerability.io/vulnerability/CVE-2020-6644,,"An insufficient session expiration vulnerability in FortiDeceptor 3.0.0 and below allows an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks.",Fortinet,Fortinet Fortideceptor,8.1,HIGH,0.002219999907538295,false,,false,false,false,,,false,false,,2020-06-22T15:23:43.000Z,0