Stored Cross-Site Scripting Vulnerability in FortiProxy and FortiOS
CVE-2019-15706

4MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortiproxy; FortiOS
Vendor: CVE Published:; 17 March 2025

Summary

A stored cross-site scripting vulnerability exists in the SSL VPN portal of FortiProxy and FortiOS, stemming from improper input neutralization during web page generation. This flaw allows remote authenticated attackers to embed malicious scripts, leading to potential data theft and account compromise. Organizations using affected versions should prioritize patching to mitigate risk.

Affected Version(s)

FortiOS 6.2.0 <= 6.2.1

FortiOS 6.0.0 <= 6.0.8

FortiOS 5.6.12

References

https://fortiguard.fortinet.com/psirt/FG-IR-19-223

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 17, 2025
Vulnerability Reserved
Aug 27, 2019