Cross-Site Scripting Vulnerabilities in Fortinet FortiManager and FortiAnalyzer
CVE-2014-2336

Currently unrated

Key Information:

Vendor: Fortinet
Status: Fortimanager; Fortianalyzer Firmware
Vendor: CVE Published:; 31 October 2014

Summary

Multiple cross-site scripting (XSS) vulnerabilities exist in the Web User Interface of Fortinet's FortiManager and FortiAnalyzer prior to version 5.0.7. These vulnerabilities allow remote attackers to inject arbitrary web scripts or HTML, potentially compromising the integrity of the web user interface. The exploitation of these vulnerabilities can allow attackers to carry out a variety of malicious activities, including phishing attacks and unauthorized data access, underscoring the importance of timely software updates and vulnerability management.

References

http://www.fortiguard.com/advisory/FG-IR-14-033/

x_refsource_CONFIRM

http://www.securityfocus.com/bid/70889

vdb-entryx_refsource_BID

http://secunia.com/advisories/61309

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Oct 31, 2014
Vulnerability Reserved
Mar 12, 2014