Stored Cross Site Scripting Vulnerability in FortiGate by Fortinet
CVE-2019-6697
5.2 MEDIUM
Summary
An improper neutralization of input vulnerability in FortiGate affects the hostname parameter of DHCP packets, which is displayed on the DHCP monitor page. An unauthenticated attacker on the same network as the FortiGate device can launch a Stored Cross Site Scripting (XSS) attack by sending specially crafted DHCP packets. This exposure poses a risk as it could lead to unauthorized access and data theft.
Affected Version(s)
FortiOS 6.2.0 <= 6.2.1
CVSS V3.1
Score: 5.2
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved