cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-38373,https://securityvulnerability.io/vulnerability/CVE-2022-38373,Cross-Site Scripting Vulnerability in FortiDeceptor Management Interface by Fortinet,"A vulnerability has been identified in the FortiDeceptor management interface where improper neutralization of input can lead to cross-site scripting (XSS) attacks. Authenticated users exploiting this flaw can send requests containing specially crafted lure resource IDs, potentially compromising the integrity of the web application and exposing sensitive information.",Fortinet,Fortinet Fortideceptor,8,HIGH,0.000539999979082495,false,,false,false,false,,,false,false,,2022-11-02T00:00:00.000Z,0
CVE-2022-30302,https://securityvulnerability.io/vulnerability/CVE-2022-30302,Multiple Path Traversal Vulnerabilities in FortiDeceptor Management Interface,"FortiDeceptor contains multiple vulnerabilities allowing remote and authenticated attackers to exploit relative path traversal. This can enable unauthorized access to sensitive files and the ability to remove arbitrary files from the system. Attackers may leverage specially crafted web requests to manipulate file paths, posing significant risks to system integrity and data confidentiality.",Fortinet,Fortinet Fortideceptor,6.5,MEDIUM,0.0007999999797903001,false,,false,false,false,,,false,false,,2022-07-19T14:15:00.000Z,0
CVE-2020-29017,https://securityvulnerability.io/vulnerability/CVE-2020-29017,OS Command Injection Vulnerability in FortiDeceptor by Fortinet,"FortiDeceptor versions 3.1.0, 3.0.1, and 3.0.0 contain an OS command injection vulnerability that may allow an authenticated remote attacker to execute arbitrary commands on the affected system. This can be exploited through the Customization page, potentially leading to unauthorized access and control over the system.",Fortinet,Fortinet Fortideceptor,8.8,HIGH,0.002400000113993883,false,,false,false,false,,,false,false,,2021-01-14T16:03:12.000Z,0
CVE-2020-6644,https://securityvulnerability.io/vulnerability/CVE-2020-6644,,"An insufficient session expiration vulnerability in FortiDeceptor 3.0.0 and below allows an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks.",Fortinet,Fortinet Fortideceptor,8.1,HIGH,0.002219999907538295,false,,false,false,false,,,false,false,,2020-06-22T15:23:43.000Z,0