Every CVE whose affected-product data names Fortinet Fortiweb, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (124)
CVE-2023-25610 — CVSS 9.8 (critical): A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7.2.3…
CVE-2021-42756 — CVSS 9.8 (critical): Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 and below, 6.1.2 and…
CVE-2020-29016 — CVSS 9.8 (critical): A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.5 and version before 6.2.4 may allow an unauthenticated, remote…
CVE-2020-29015 — CVSS 9.8 (critical): A blind SQL injection in the user interface of FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote…
CVE-2025-59719 — CVSS 9.8 (critical): An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0…
CVE-2021-42761 — CVSS 9.0 (critical): A condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb versions 6.4 all versions, 6.3.0 through…
CVE-2016-4066 — CVSS 8.8 (high): Cross-site request forgery (CSRF) vulnerability in Fortinet FortiWeb before 5.5.3 allows remote attackers to hijack the authentication of…
CVE-2021-36194 — CVSS 8.8 (high): Multiple stack-based buffer overflows in the API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an authenticated…
CVE-2021-41017 — CVSS 8.8 (high): Multiple heap-based buffer overflow vulnerabilities in some web API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may…
CVE-2021-41018 — CVSS 8.8 (high): A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 6.4.1 and below…
CVE-2020-29018 — CVSS 8.8 (high): A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and…
CVE-2021-43071 — CVSS 8.8 (high): A heap-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows…
CVE-2022-43955 — CVSS 8.8 (high): An improper neutralization of input during web page generation [CWE-79] in the FortiWeb web interface 7.0.0 through 7.0.3, 6.3.0 through…
CVE-2021-36182 — CVSS 8.8 (high): A Improper neutralization of special elements used in a command ('Command Injection') in Fortinet FortiWeb version 6.3.13 and below allows…
CVE-2021-36186 — CVSS 8.8 (high): A stack-based buffer overflow in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows attacker to execute…
CVE-2022-30303 — CVSS 8.8 (high): An improper neutralization of special elements used in an os command ('OS Command Injection') [CWE-78] in FortiWeb 7.0.0 through 7.0.1…
CVE-2021-43073 — CVSS 8.8 (high): A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 6.4.1 and 6.4.0…
CVE-2026-24017 — CVSS 8.1 (high): An Improper Control of Interaction Frequency vulnerability [CWE-799] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0…
CVE-2025-64447 — CVSS 8.1 (high): A reliance on cookies without validation and integrity checking vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0…
CVE-2025-52970 — CVSS 8.1 (high): A improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and…
CVE-2021-36180 — CVSS 8.1 (high): Multiple improper neutralization of special elements used in a command vulnerabilities [CWE-77] in FortiWeb management interface 6.4.1 and…
CVE-2021-42753 — CVSS 8.1 (high): An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb management interface…
CVE-2023-23780 — CVSS 8.0 (high): A stack-based buffer overflow in Fortinet FortiWeb version 7.0.0 through 7.0.1, Fortinet FortiWeb version 6.3.6 through 6.3.19, Fortinet…
CVE-2021-36179 — CVSS 8.0 (high): A stack-based buffer overflow in Fortinet FortiWeb version 6.3.14 and below, 6.2.4 and below allows attacker to execute unauthorized code…
CVE-2022-40683 — CVSS 7.8 (high): A double free in Fortinet FortiWeb version 7.0.0 through 7.0.3 may allows attacker to execute unauthorized code or commands via specially…
CVE-2023-23782 — CVSS 7.8 (high): A heap-based buffer overflow in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb version 6.3.0 through 6.3.19, FortiWeb 6.4 all…
CVE-2023-25602 — CVSS 7.8 (high): A stack-based buffer overflow in Fortinet FortiWeb 6.4 all versions, FortiWeb versions 6.3.17 and earlier, FortiWeb versions 6.2.6 and…
CVE-2021-22123 — CVSS 7.6 (high): An OS command injection vulnerability in FortiWeb's management interface 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9.x may allow a…
CVE-2024-48884 — CVSS 7.5 (high): A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiManager 7.6.0 through…
CVE-2024-26013 — CVSS 7.5 (high): A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through…
CVE-2021-41014 — CVSS 7.5 (high): A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated attacker to…
CVE-2023-34984 — CVSS 7.5 (high): A protection mechanism failure in Fortinet FortiWeb 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.0 through 6.4.3, 6.3.6 through 6.3.23…
CVE-2021-41025 — CVSS 7.3 (high): Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through…
CVE-2021-41027 — CVSS 7.3 (high): A stack-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, allows an authenticated attacker to execute unauthorized code…
CVE-2025-25254 — CVSS 7.2 (high): An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb version 7.6.2 and…
CVE-2025-66178 — CVSS 7.2 (high): A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiWeb 8.0.0…
CVE-2026-40688 — CVSS 7.2 (high): An out-of-bounds write vulnerability [CWE-787] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6…
CVE-2023-23777 — CVSS 7.2 (high): An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiWeb version…
CVE-2024-50567 — CVSS 7.2 (high): An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb 7.4.0 through 7.6.0…
CVE-2024-45324 — CVSS 7.2 (high): A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9…
CVE-2022-39951 — CVSS 7.2 (high): A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 7.0.0 through…
CVE-2023-22636 — CVSS 7.0 (high): An unauthorized configuration download vulnerability in FortiWeb 6.3.6 through 6.3.21, 6.4.0 through 6.4.2 and 7.0.0 through 7.0.4 may…
CVE-2023-23779 — CVSS 6.8 (medium): Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiWeb…
CVE-2014-3115 — CVSS 6.8 (medium): Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Fortinet FortiWeb before 5.2.0 allow remote…
CVE-2025-27759 — CVSS 6.7 (medium): An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiWeb…
CVE-2026-39814 — CVSS 6.7 (medium): A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.1 through…
CVE-2023-23783 — CVSS 6.7 (medium): A use of externally-controlled format string in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb 6.4 all versions allows attacker to…
CVE-2021-42757 — CVSS 6.7 (medium): A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated…
CVE-2025-47857 — CVSS 6.7 (medium): A improper neutralization of special elements used in an os command ('os command injection') vulnerability [CWE-78] in Fortinet FortiWeb…
CVE-2022-43948 — CVSS 6.7 (medium): A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 7.0.0 through…
CVE-2021-36193 — CVSS 6.7 (medium): Multiple stack-based buffer overflows in the command line interpreter of FortiWeb before 6.4.2 may allow an authenticated attacker to…
CVE-2026-24640 — CVSS 6.6 (medium): A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6…
CVE-2022-33871 — CVSS 6.6 (medium): A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb version 7.0.1 and earlier, 6.4 all versions, version 6.3.19 and earlier…
CVE-2025-22254 — CVSS 6.6 (medium): An Improper Privilege Management vulnerability [CWE-269] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through…
CVE-2024-50569 — CVSS 6.6 (medium): A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb 7.0.0 through 7.6.0…
CVE-2022-30306 — CVSS 6.6 (medium): A stack-based buffer overflow vulnerability [CWE-121] in the CA sign functionality of FortiWeb version 7.0.1 and below, 6.4 all versions…
CVE-2026-30897 — CVSS 6.6 (medium): A stack-based buffer overflow vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through…
CVE-2019-16157 — CVSS 6.5 (medium): An information exposure vulnerability in Fortinet FortiWeb 6.2.0 CLI and earlier may allow an authenticated user to view sensitive…
CVE-2014-1957 — CVSS 6.5 (medium): FortiGuard FortiWeb before 5.0.3 allows remote authenticated users to gain privileges via unspecified vectors.
CVE-2021-41026 — CVSS 6.5 (medium): A relative path traversal in FortiWeb versions 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an authenticated attacker to retrieve…
CVE-2022-30300 — CVSS 6.5 (medium): A relative path traversal vulnerability [CWE-23] in FortiWeb 7.0.0 through 7.0.1, 6.3.6 through 6.3.18, 6.4 all versions may allow an…
CVE-2023-23781 — CVSS 6.4 (medium): A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below SAML…
CVE-2024-21758 — CVSS 6.4 (medium): A stack-based buffer overflow in Fortinet FortiWeb versions 7.2.0 through 7.2.7, and 7.4.0 through 7.4.1 may allow a privileged user to…
CVE-2025-32766 — CVSS 6.4 (medium): A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a…
CVE-2024-46671 — CVSS 6.2 (medium): An Incorrect User Management vulnerability [CWE-286] in FortiWeb version 7.6.2 and below, version 7.4.6 and below, version 7.2.10 and…
CVE-2019-16156 — CVSS 6.1 (medium): An Improper Neutralization of Input vulnerability in the Anomaly Detection Parameter Name in Fortinet FortiWeb 6.0.5, 6.2.0, and 6.1.1 may…
CVE-2017-3129 — CVSS 6.1 (medium): A Cross-Site Scripting vulnerability in Fortinet FortiWeb versions 5.7.1 and below allows attacker to execute unauthorized code or commands…
CVE-2012-6346 — CVSS 6.1 (medium): Multiple cross-site scripting (XSS) vulnerabilities in FortiWeb before 4.4.4 allow remote attackers to inject arbitrary web script or HTML…
CVE-2019-5590 — CVSS 6.1 (medium): The URL part of the report message is not encoded in Fortinet FortiWeb 6.0.2 and below which may allow an attacker to execute unauthorized…
CVE-2021-22122 — CVSS 6.1 (medium): An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 through 6.3.7 and version before 6.2.4 may…
CVE-2021-36188 — CVSS 6.1 (medium): A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15…
CVE-2021-41015 — CVSS 6.1 (medium): A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15…
CVE-2021-43063 — CVSS 6.1 (medium): A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and 6.4.0…
CVE-2024-23665 — CVSS 5.9 (medium): Multiple improper authorization vulnerabilities [CWE-285] in FortiWeb version 7.4.2 and below, version 7.2.7 and below, version 7.0.10 and…
CVE-2017-14191 — CVSS 5.9 (medium): An Improper Access Control vulnerability in Fortinet FortiWeb 5.6.0 up to but not including 6.1.0 under "Signed Security Mode", allows…
CVE-2023-23784 — CVSS 5.7 (medium): A relative path traversal in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, FortiWeb 6.4 all…
CVE-2024-55594 — CVSS 5.6 (medium): An improper handling of syntactically invalid structure in Fortinet FortiWeb at least vesrions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10…
CVE-2023-42784 — CVSS 5.6 (medium): An improper handling of syntactically invalid structure in Fortinet FortiWeb at least verions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10…
CVE-2024-55597 — CVSS 5.5 (medium): A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiWeb versions 7.0.0 through 7.6.0 allows…
CVE-2024-23107 — CVSS 5.5 (medium): An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiWeb version 7.4.0, version 7.2.4 and below…
CVE-2021-36190 — CVSS 5.5 (medium): A unintended proxy or intermediary ('confused deputy') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an…
CVE-2022-22297 — CVSS 5.5 (medium): An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiWeb…
CVE-2022-42471 — CVSS 5.4 (medium): An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] In FortiWeb version 7.0.0…
CVE-2020-6646 — CVSS 5.4 (medium): An improper neutralization of input vulnerability in FortiWeb allows a remote authenticated attacker to perform a stored cross site…
CVE-2017-7736 — CVSS 5.4 (medium): A stored Cross-site Scripting (XSS) vulnerability in Fortinet FortiWeb webUI Certificate View page in 5.8.0, 5.7.1 and earlier, allows…
CVE-2023-46713 — CVSS 5.3 (medium): An improper output neutralization for logs in Fortinet FortiWeb 6.2.0 - 6.2.8, 6.3.0 - 6.3.23, 7.0.0 - 7.0.9, 7.2.0 - 7.2.5 and 7.4.0 may…
CVE-2022-30299 — CVSS 5.3 (medium): A path traversal vulnerability [CWE-23] in the API of FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions, 6.2 all…
CVE-2024-48885 — CVSS 5.3 (medium): A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiRecorder 7.2.0 through…
CVE-2021-41013 — CVSS 5.3 (medium): An improper access control vulnerability [CWE-284] in FortiWeb versions 6.4.1 and below and 6.3.15 and below in the Report Browse section…
CVE-2021-36187 — CVSS 5.3 (medium): A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows attacker to cause…
CVE-2021-32591 — CVSS 5.3 (medium): A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox before 4.0.1…
CVE-2025-48840 — CVSS 5.3 (medium): An authentication bypass by spoofing vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.8, FortiWeb 7.2 all…
CVE-2020-29019 — CVSS 5.3 (medium): A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow a remote, unauthenticated…
CVE-2025-59669 — CVSS 5.3 (medium): A use of hard-coded credentials vulnerability in Fortinet FortiWeb 7.6.0, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb…
CVE-2014-1956 — CVSS 5.0 (medium): CRLF injection vulnerability in FortiGuard FortiWeb before 5.0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP…
CVE-2025-53609 — CVSS 4.9 (medium): A Relative Path Traversal vulnerability [CWE-23] in FortiWeb 7.6.0 through 7.6.4, 7.4.0 through 7.4.8, 7.2.0 through 7.2.11, 7.0.2 through…
CVE-2025-64471 — CVSS 4.9 (medium): A use of password hash instead of password for authentication vulnerability [CWE-836] vulnerability in Fortinet FortiWeb 8.0.0 through…
CVE-2026-39811 — CVSS 4.9 (medium): A integer overflow or wraparound vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all…
CVE-2017-7737 — CVSS 4.9 (medium): An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and below versions allows logged-in admin user to view SNMPv3 user…
CVE-2023-23778 — CVSS 4.9 (medium): A relative path traversal vulnerability [CWE-23] in FortiWeb version 7.0.1 and below, 6.4 all versions, 6.3 all versions, 6.2 all versions…
CVE-2016-5092 — CVSS 4.9 (medium): Directory traversal vulnerability in Fortinet FortiWeb before 5.5.3 allows remote authenticated administrators with read and write…
CVE-2023-33305 — CVSS 4.9 (medium): A loop with unreachable exit condition ('infinite loop') in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS version 7.0.0 through…
CVE-2024-33509 — CVSS 4.8 (medium): An improper certificate validation vulnerability [CWE-295] in FortiWeb 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions and 6.3 all…
CVE-2021-43074 — CVSS 4.3 (medium): An improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6.4 all versions, 6.3.16 and below, 6.2 all…
CVE-2014-1955 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in FortiGuard FortiWeb before 5.0.3 allows remote attackers to inject arbitrary web script or HTML…
CVE-2020-15942 — CVSS 4.3 (medium): An information disclosure vulnerability in Web Vulnerability Scan profile of Fortinet's FortiWeb version 6.2.x below 6.2.4 and version…
CVE-2013-7181 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in user/ldap_user/add in Fortinet FortiOS 5.0.3 allows remote attackers to inject arbitrary web…
CVE-2014-8619 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the autolearn configuration page in Fortinet FortiWeb 5.1.2 through 5.3.4 allows remote…
CVE-2024-47569 — CVSS 4.3 (medium): A insertion of sensitive information into sent data vulnerability in Fortinet FortiMail 7.4.0 through 7.4.2, FortiMail 7.2.0 through 7.2.6…
CVE-2021-43064 — CVSS 4.3 (medium): A url redirection to untrusted site ('open redirect') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6…
CVE-2014-4738 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in FortiGuard FortiWeb 5.0.x, 5.1.x, and 5.2.x before 5.2.1 allow remote attackers to…
CVE-2021-36195 — CVSS 4.2 (medium): Multiple command injection vulnerabilities in the command line interpreter of FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0…
CVE-2024-36509 — CVSS 4.2 (medium): An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiWeb version 7.6.0, version…
CVE-2021-36191 — CVSS 4.1 (medium): A url redirection to untrusted site ('open redirect') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to use…
CVE-2021-36175 — CVSS 4.1 (medium): An improper neutralization of input vulnerability [CWE-79] in FortiWebManager versions 6.2.3 and below, 6.0.2 and below may allow a remote…
CVE-2014-1458 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in the web administration interface in FortiGuard FortiWeb 5.0.3 and earlier allows remote…
CVE-2024-50565 — CVSS 3.1 (low): A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through…
CVE-2024-55593 — CVSS 2.7 (low): A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWeb versions 6.3.17 through 7.6.1…
CVE-2022-29059 — CVSS 2.7 (low): An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in FortiWeb version 7.0.1…
CVE-2026-24641 — CVSS 2.7 (low): A NULL Pointer Dereference vulnerability [CWE-476] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6…