Reflected XSS in HA cluster
CVSSv3 Score: 5.3
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FortiSandbox may allow an attacker to perform an XSS attack via crafted HTTP requests.
Revised on 2025-12-09 00:00:00
Read-only admin could obtain admin configuration secrets
CVSSv3 Score: 2.6
An improper access control vulnerability in FortiAuthenticator Web UI may allow an authenticated attacker with at least read-only admin permission to obtain the credentials of other administrators' messaging services via crafted requests.
Revised on 2025-12-09 00:00:00
Path traversal vulnerability in administrative interface
CVSSv3 Score: 7.7
Multiple Improper Limitations of a Pathname to a Restricted Directory ('Path Traversal') vulnerabilities in FortiVoice may allow a privileged authenticated attacker to write arbitrary files via specifically crafted HTTP or HTTPS commands.
Revised on 2025-12-09 00:00:00
OS command injection in multiple endpoints
CVSSv3 Score: 7.0
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in FortiSandbox may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests.
Revised on 2025-12-09 00:00:00
OS command injection in GUI backup options
CVSSv3 Score: 6.9
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in FortiSandbox GUI may allow an authenticated privileged attacker to execute unauthorized code or commands via crafted HTTP or HTTPS requests.
Revised on 2025-12-09 00:00:00
Multiple authenticated SQL injection via extraParam
CVSSv3 Score: 6.8
An improper neutralization of special elements used in an SQL command ('SQL injection') in FortiVoice may allow an authenticated privileged attacker to execute unauthorized code or commands via crafted requests.
Revised on 2025-12-09 00:00:00
Multiple authenticated OS Command Injections via API
CVSSv3 Score: 6.7
An OS command injection vulnerability in FortiExtender API may allow an authenticated attacker to execute unauthorized code or commands via a specific HTTP request.
Revised on 2025-12-09 00:00:00
Multiple Fortinet Products’ FortiCloud SSO Login Authentication Bypass
CVSSv3 Score: 9.1
An Improper Verification of Cryptographic Signature vulnerability in FortiOS, FortiWeb, FortiProxy and FortiSwitchManager may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML message, if that feature is enabled on the device. Please note that the FortiCloud SSO login feature is not enabled in default factory settings. However, when an...
Missing authorization on log access
CVSSv3 Score: 2.6
A Direct Request ('Forced Browsing') vulnerability in FortiAuthenticator logs may allow an authenticated attacker with at least sponsor permissions to read and download device logs via accessing specific endpoints.
Revised on 2025-12-09 00:00:00
Insufficient Session Expiration in SSLVPN
CVSSv3 Score: 5.3
An Insufficient Session Expiration vulnerability in FortiOS SSLVPN may allow an attacker to maintain access to network resources via an active session not terminated after a user's password change under particular conditions outside of the attacker's control
Revised on 2025-12-09 00:00:00