XSS in service requests
An Improper neutralization of input during web page generation (‘cross-site scripting’) vulnerability [CWE-79] in FortiSOAR WEB UI may allow an authenticated remote attacker to perform an XSS attack via stored...
Read MoreAn Improper neutralization of input during web page generation (‘cross-site scripting’) vulnerability [CWE-79] in FortiSOAR WEB UI may allow an authenticated remote attacker to perform an XSS attack via stored...
Read MoreAn improper neutralization of special elements used in an OS command (‘OS Command Injection’) vulnerability [CWE-78] in FortiWeb may allow an authenticated privileged attacker to execute unauthorized code or commands...
Read MoreCybersecurity researchers have discovered a new campaign that employs a previously undocumented ransomware family called Charon to target the Middle East’s public sector and aviation industry. The threat actor behind the...
Read MoreA improper neutralization of special elements used in an os command (‘os command injection’) vulnerability [CWE-78] in FortiWeb CLI may allow a privileged attacker to execute arbitrary code or command via crafted CLI...
Read MoreA double free vulnerability [CWE-415] in FortiOS, FortiProxy & FortiPAM administrative interfaces may allow a privileged attacker to execute code or commands via crafted HTTP or HTTPs requests. Revised on 2025-08-12...
Read More