cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-35851,https://securityvulnerability.io/vulnerability/CVE-2022-35851,Stored Cross-Site Scripting in FortiADC Management Interface,"A vulnerability exists in the FortiADC management interface, specifically in version 7.1.0, where improper input neutralization can allow an authenticated remote attacker to execute a stored cross-site scripting (XSS) attack. By manipulating the configuration of a specially crafted IP address, attackers can inject malicious scripts that may compromise user data and affect the integrity of the web application. This poses a significant security risk by enabling attackers to exploit affected systems.",Fortinet,Fortinet Fortiadc,8,HIGH,0.000539999979082495,false,,false,false,false,,,false,false,,2022-11-02T00:00:00.000Z,0
CVE-2022-38381,https://securityvulnerability.io/vulnerability/CVE-2022-38381,Improper Request Handling Vulnerability in FortiADC by Fortinet,"A vulnerability exists in FortiADC that stems from improper handling of malformed HTTP requests. This flaw may allow remote attackers, without necessary privileges, to bypass essential Web Application Firewall (WAF) protections, including those specifically designed to guard against SQL Injection and Cross-Site Scripting (XSS) attacks. The affected versions span several releases of FortiADC, thereby potentially exposing a wide range of deployments to security risks. For more details, refer to the official Fortinet advisory.",Fortinet,Fortinet Fortiadc,5.3,MEDIUM,0.001769999973475933,false,,false,false,false,,,false,false,,2022-11-02T00:00:00.000Z,0
CVE-2022-38374,https://securityvulnerability.io/vulnerability/CVE-2022-38374,Cross-Site Scripting Vulnerability in Fortinet FortiADC,"The Fortinet FortiADC experiences a cross-site scripting vulnerability due to improper input handling during web page generation. This flaw affects versions 7.0.0 through 7.0.2 and 6.2.0 through 6.2.4, allowing attackers to manipulate URL and User fields observed in traffic logs. As a result, unauthorized code or commands may be executed, posing significant risks to web security and data integrity. Organizations utilizing FortiADC should assess their systems and apply necessary patches to mitigate this vulnerability.",Fortinet,Fortinet Fortiadc,8.8,HIGH,0.0007200000109151006,false,,false,false,true,2023-03-03T18:43:02.000Z,true,false,false,,2022-11-02T00:00:00.000Z,0
CVE-2022-22299,https://securityvulnerability.io/vulnerability/CVE-2022-22299,Format String Vulnerability in Fortinet Products,"A format string vulnerability exists in the command line interpreter of multiple Fortinet products, including FortiADC, FortiOS, FortiProxy, and FortiMail. This vulnerability allows an authenticated user to exploit the issue by sending specially crafted command arguments, potentially leading to unauthorized code execution or command execution on the affected systems. This poses a significant risk to the integrity and security of the network environment, making it essential for users to ensure that all affected products are updated to secure versions.",Fortinet,"Fortinet Fortiadc, Fortiproxy, Fortimail, FortiOS",7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-08-05T15:23:52.000Z,0
CVE-2022-27484,https://securityvulnerability.io/vulnerability/CVE-2022-27484,Unverified Password Change in Fortinet FortiADC Affects Multiple Versions,"The vulnerability in Fortinet FortiADC allows an authenticated attacker to exploit the password change functionality. By sending a specially crafted HTTP request, the attacker can bypass the Old Password verification step, leading to potential unauthorized access to user accounts. This flaw affects multiple versions of FortiADC, making it critical for users to apply recommended patches and updates to secure their systems.",Fortinet,Fortinet Fortiadc,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-08-03T13:20:10.000Z,0
CVE-2022-26120,https://securityvulnerability.io/vulnerability/CVE-2022-26120,SQL Injection Vulnerabilities in Fortinet FortiADC Management Interface,"Multiple instances of improper neutralization of special elements used in SQL commands within the FortiADC management interface could permit an authenticated attacker to execute unauthorized code or commands. This vulnerability arises when specially crafted HTTP requests are sent to exploit the affected versions of FortiADC, potentially compromising the integrity and confidentiality of the system. Active mitigation measures are necessary to safeguard against potential exploitation.",Fortinet,Fortinet Fortiadc,5.4,MEDIUM,0.0008699999889358878,false,,false,false,false,,,false,false,,2022-07-18T16:41:00.000Z,0
CVE-2020-15935,https://securityvulnerability.io/vulnerability/CVE-2020-15935,Cleartext Storage Vulnerability in FortiADC by Fortinet,"In FortiADC versions 5.4.3 and lower, as well as 6.0.0 and lower, sensitive information is stored in cleartext within the graphical user interface. This design flaw may allow a remote authenticated attacker to exploit the system and retrieve sensitive data such as LDAP passwords and RADIUS shared secrets. The attacker can achieve this by deobfuscating the password entry fields. Organizations should address this vulnerability promptly to safeguard their sensitive information.",Fortinet,Fortinet Fortiadc,4.3,MEDIUM,0.0008200000156648457,false,,false,false,false,,,false,false,,2021-11-02T19:00:53.000Z,0
CVE-2021-24024,https://securityvulnerability.io/vulnerability/CVE-2021-24024,Clear Text Storage Vulnerability in FortiADC and FortiADCManager,"FortiADCManager and FortiADC products are vulnerable due to the storage of sensitive information in log files in clear text, allowing remote authenticated attackers to access other local users' passwords. This flaw exists in versions 5.3.0 and below, 5.2.1 and below for FortiADCManager, and version 5.3.7 and below for FortiADC, posing risks related to privacy and data integrity.",Fortinet,"Fortinet Fortiadcmanager, Fortiadc",4.3,MEDIUM,0.0011899999808520079,false,,false,false,false,,,false,false,,2021-04-12T14:12:48.000Z,0
CVE-2020-6647,https://securityvulnerability.io/vulnerability/CVE-2020-6647,,An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross site scripting attack (XSS) via the name parameter.,Fortinet,Fortinet Fortiadc,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2020-04-07T18:41:40.000Z,0
CVE-2019-6699,https://securityvulnerability.io/vulnerability/CVE-2019-6699,,An improper neutralization of input vulnerability in Fortinet FortiADC 5.3.3 and earlier may allow an attacker to execute a stored Cross Site Scripting (XSS) via a field in the traffic group interface.,Fortinet,Fortinet Fortiadc,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2020-03-13T15:06:42.000Z,0
CVE-2018-13374,https://securityvulnerability.io/vulnerability/CVE-2018-13374,,"A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows attacker to obtain the LDAP server login credentials configured in FortiGate via pointing a LDAP server connectivity test request to a rogue LDAP server instead of the configured one.",Fortinet,"Fortinet FortiOS, Fortiadc",4.3,MEDIUM,0.026270000264048576,true,2022-09-08T00:00:00.000Z,false,true,true,2022-09-08T00:00:00.000Z,,false,false,,2019-01-22T14:00:00.000Z,0