FortiOS/FortiProxy - XSS in reboot page

June 11, 2024, 7 a.m. |

FortiGuard Labs | FortiGuard Center - IR Advisories fortiguard.fortinet.com

An improper neutralization of input during web page Generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiOS and FortiProxy reboot page may allow a remote privileged attacker with super-admin access to execute JavaScript code via crafted HTTP GET requests.

access admin attacker code cross-site cwe fortios fortiproxy http http get input javascript may page privileged reboot requests scripting super vulnerability web xss

Visit resource

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories

FortiOS/FortiProxy - XSS in reboot page 2 weeks, 1 day ago | fortiguard.fortinet.com

access admin attacker code +18

Stack buffer overflow on bluetooth write feature 2 weeks, 1 day ago | fortiguard.fortinet.com

arbitrary code arbitrary code execution attacker bluetooth +14

Blind SQL Injection 2 weeks, 1 day ago | fortiguard.fortinet.com

blind command cwe download +8

Buffer overflow in fgfmd 2 weeks, 1 day ago | fortiguard.fortinet.com

arbitrary code attacker buffer buffer overflow +15

FortiSOAR is vulnerable to sql injection in Event Auth API via uuid parameter 2 weeks, 1 day ago | fortiguard.fortinet.com

api attacker auth code +14

Multiple buffer overflows in diag npu command 2 weeks, 1 day ago | fortiguard.fortinet.com

attacker buffer buffer overflow buffer overflows +14

TunnelVision - CVE-2024-3661 2 weeks, 1 day ago | fortiguard.fortinet.com

attack attacker aware bypass +18

Weak key derivation for backup file 2 weeks, 1 day ago | fortiguard.fortinet.com

access admin attacker backup +14

Buffer overflow in administrative interface 1 month, 1 week ago | fortiguard.fortinet.com

arbitrary code attacker buffer buffer overflow +13

Information Technology Specialist I: Windows Engineer

@ Los Angeles County Employees Retirement Association (LACERA) | Pasadena, California

View on infosec-jobs.com

Information Technology Specialist I, LACERA: Information Security Engineer

@ Los Angeles County Employees Retirement Association (LACERA) | Pasadena, CA

View on infosec-jobs.com

Vice President, Controls Design & Development-7

@ State Street | Quincy, Massachusetts

View on infosec-jobs.com

Vice President, Controls Design & Development-5

@ State Street | Quincy, Massachusetts

View on infosec-jobs.com

Data Scientist & AI Prompt Engineer

@ Varonis | Israel

View on infosec-jobs.com

Contractor

@ Birlasoft | INDIA - MUMBAI - BIRLASOFT OFFICE, IN

View on infosec-jobs.com

all InfoSec news

FortiOS/FortiProxy - XSS in reboot page

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories

Jobs in InfoSec / Cybersecurity

Information Technology Specialist I: Windows Engineer

Information Technology Specialist I, LACERA: Information Security Engineer

Vice President, Controls Design & Development-7

Vice President, Controls Design & Development-5

Data Scientist & AI Prompt Engineer

Contractor