Cross-Site Scripting Vulnerability in Fortinet FortiAnalyzer and FortiManager
CVE-2016-3196

5.4MEDIUM

Key Information:

Vendor

Fortinet
Status
Fortimanager Firmware
Vendor
CVE Published:
5 August 2016

What is CVE-2016-3196?

The Fortinet FortiAnalyzer and FortiManager systems have a cross-site scripting vulnerability that permits remote authenticated users to inject arbitrary scripts or HTML. This security flaw occurs when uploading image files in the reporting section of these products. Attackers could exploit this weakness to perform unauthorized actions or manipulate content presented to other users, thereby posing potential risks to data integrity and privacy.

References

http://www.securityfocus.com/bid/92203
vdb-entryx_refsource_BID
http://seclists.org/fulldisclosure/2016/Aug/4
mailing-listx_refsource_FULLDISC
http://www.securitytracker.com/id/1036550
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.