Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an image uploaded in the report section.
| Version | Base score | Base severity | Vector |
|---|
| Hyperlink | Resource Type |
|---|
Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an image uploaded in the report section.
| Type | CWE ID | Description |
|---|---|---|
| text | N/A | n/a |
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
| Hyperlink | Resource |
|---|---|
| http://www.securityfocus.com/bid/92203 | vdb-entry x_refsource_BID |
| http://seclists.org/fulldisclosure/2016/Aug/4 | mailing-list x_refsource_FULLDISC |
| http://www.securitytracker.com/id/1036550 | vdb-entry x_refsource_SECTRACK |
| http://www.vulnerability-lab.com/get_content.php?id=1687 | x_refsource_MISC |
| http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability | x_refsource_CONFIRM |
| http://www.securityfocus.com/archive/1/539069/100/0/threaded | mailing-list x_refsource_BUGTRAQ |
| http://www.securitytracker.com/id/1036551 | vdb-entry x_refsource_SECTRACK |
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
| Hyperlink | Resource |
|---|---|
| http://www.securityfocus.com/bid/92203 | vdb-entry x_refsource_BID x_transferred |
| http://seclists.org/fulldisclosure/2016/Aug/4 | mailing-list x_refsource_FULLDISC x_transferred |
| http://www.securitytracker.com/id/1036550 | vdb-entry x_refsource_SECTRACK x_transferred |
| http://www.vulnerability-lab.com/get_content.php?id=1687 | x_refsource_MISC x_transferred |
| http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability | x_refsource_CONFIRM x_transferred |
| http://www.securityfocus.com/archive/1/539069/100/0/threaded | mailing-list x_refsource_BUGTRAQ x_transferred |
| http://www.securitytracker.com/id/1036551 | vdb-entry x_refsource_SECTRACK x_transferred |
Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an image uploaded in the report section.
| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A |
| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 3.0 | 5.4 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| Primary | 2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |