Stored Cross Site Scripting Vulnerability in FortiGate by Fortinet
CVE-2019-6697

6.1MEDIUM

Key Information:

Vendor: Fortinet
Status: FortiOS
Vendor: CVE Published:; 17 March 2025

What is CVE-2019-6697?

A vulnerability in FortiGate allows attackers to exploit an improper neutralization of input through the hostname parameter in DHCP packets sent to the DHCP monitor page. This could enable an unauthenticated user, within the same network as the FortiGate device, to launch a Stored Cross Site Scripting (XSS) attack by submitting specially crafted DHCP packets. This exposure poses a risk as it could lead to unauthorized access and data theft.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

FortiOS 6.2.0 <= 6.2.1

References

https://fortiguard.com/advisory/FG-IR-19-184

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 17, 2025
Vulnerability Reserved
Jan 23, 2019

JSON

Fortinet