Cross-Site Scripting Vulnerability in Fortinet FortiWan
CVE-2016-4969

6.1MEDIUM

Key Information:

Vendor

Fortinet
Status
Fortiwan
Vendor
CVE Published:
21 September 2016

What is CVE-2016-4969?

A Cross-Site Scripting (XSS) vulnerability exists in Fortinet FortiWan prior to version 4.2.5, which allows remote attackers to inject arbitrary web scripts or HTML. This vulnerability can be exploited by manipulating the IP parameter in the script/statistics/getconn.php file, enabling attackers to execute malicious scripts in the context of the affected user's session. Organizations using this product are advised to upgrade to mitigate potential risks.

References

http://www.securityfocus.com/bid/92779
vdb-entryx_refsource_BID
http://docs.fortinet.com/uploaded/files/3236/fortiwan-v4....
x_refsource_CONFIRM
https://www.kb.cert.org/vuls/id/724487
third-party-advisoryx_refsource_CERT-VN

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.