Cross-Site Scripting Vulnerability in Fortinet FortiManager and FortiAnalyzer
CVE-2016-3193

5.4MEDIUM

Key Information:

Vendor
Fortinet
Status
Fortimanager Firmware
Vendor
CVE Published:
19 August 2016

Summary

A cross-site scripting vulnerability exists in the web applications of Fortinet's FortiManager and FortiAnalyzer, specifically affecting various versions of these products. This vulnerability enables remote authenticated users to inject arbitrary web scripts or HTML into applications due to poorly sanitized inputs. Attackers could exploit this flaw through unspecified vectors, potentially leading to unauthorized actions being performed within the context of the affected applications. Users are advised to apply the necessary updates to mitigate the risks associated with this vulnerability.

References

http://www.securitytracker.com/id/1036550
vdb-entryx_refsource_SECTRACK
http://fortiguard.com/advisory/fortimanager-and-fortianal...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/92458
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.