XSS vulnerability in the Anomaly Detection Parameter Name
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-19-265
Final
1
1
2020-03-09T00:00:00
Current version
2020-03-09T00:00:00
2020-03-09T00:00:00
An improper neutralization of input vulnerability in the Anomaly Detection interface of FortiWeb may allow a remote unauthenticated attacker to perform a cross-site scripting (XSS) attack via a parameter of the request.
Unauthorized code execution
FortiWeb Versions 6.0.5 and below.
FortiWeb Versions 6.1.1 and below.
FortiWeb Version 6.2.0
Please upgrade to FortiWeb versions 6.0.6 or above.
Please upgrade to FortiWeb versions 6.1.2 or above.
Please upgrade to FortiWeb versions 6.2.1 or above.
Fortinet is pleased to thank Pablo Arriaga Perez from Government of Navarre and S21sec for reporting this vulnerability under responsible disclosure.
FortiWeb 6.2.0
FortiWeb 6.1.1
FortiWeb 6.1.0
FortiWeb 6.0.5
FortiWeb 6.0.4
FortiWeb 6.0.3
FortiWeb 6.0.2
FortiWeb 6.0.1
FortiWeb 6.0.0
XSS vulnerability in the Anomaly Detection Parameter Name
CVE-2019-16156
FortiWeb-6.2.0
FortiWeb-6.1.1
FortiWeb-6.1.0
FortiWeb-6.0.5
FortiWeb-6.0.4
FortiWeb-6.0.3
FortiWeb-6.0.2
FortiWeb-6.0.1
FortiWeb-6.0.0
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:F/RL:X/RC:X
https://fortiguard.fortinet.com/psirt/FG-IR-19-265