exploitDog

GHSA-vghm-mjgx-gf75

Опубликовано: 02 нояб. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 5.4

Описание

An improper neutralization of input during web page generation vulnerability [CWE-79] exists in FortiManager and FortiAnalyzer 6.0.0 all versions, 6.2.0 all versions, 6.4.0 through 6.4.8, and 7.0.0 through 7.0.4. Report templates may allow a low privilege level attacker to perform an XSS attack via posting a crafted CKeditor "protected" comment as described in CVE-2020-9281.

An improper neutralization of input during web page generation vulnerability [CWE-79] exists in FortiManager and FortiAnalyzer 6.0.0 all versions, 6.2.0 all versions, 6.4.0 through 6.4.8, and 7.0.0 through 7.0.4. Report templates may allow a low privilege level attacker to perform an XSS attack via posting a crafted CKeditor "protected" comment as described in CVE-2020-9281.

Ссылки

EPSS

Процентиль: 72%

0.00731

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2022-39950

CVSS3: 8

nvd

больше 3 лет назад

An improper neutralization of input during web page generation vulnerability [CWE-79] exists in FortiManager and FortiAnalyzer 6.0.0 all versions, 6.2.0 all versions, 6.4.0 through 6.4.8, and 7.0.0 through 7.0.4. Report templates may allow a low privilege level attacker to perform an XSS attack via posting a crafted CKeditor "protected" comment as described in CVE-2020-9281.

BDU:2020-05753

CVSS3: 8

fstec

больше 3 лет назад

Уязвимость программного средства централизованного управления устройствами Fortinet FortiManager и межсетевого экрана FortiAnalyzer, связанная с непринятиеи мер по защите структуры веб-страницы, позволяющая нарушителю осуществить межсайтовые сценарные атаки

EPSS

Процентиль: 72%

0.00731

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79