Описание
Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiGate UTM WAF appliances with FortiOS 4.3.x before 4.3.6 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) Endpoint Monitor, (2) Dialup List, or (3) Log&Report Display modules, or the fields_sorted_opt parameter to (4) user/auth/list or (5) endpointcompliance/app_detect/predefined_sig_list.
Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiGate UTM WAF appliances with FortiOS 4.3.x before 4.3.6 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) Endpoint Monitor, (2) Dialup List, or (3) Log&Report Display modules, or the fields_sorted_opt parameter to (4) user/auth/list or (5) endpointcompliance/app_detect/predefined_sig_list.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2012-0941
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72761
- https://fortiguard.com/psirt/FG-IR-012-001
- https://securitytracker.com/id/1026594
- https://www.vulnerability-lab.com/get_content.php?id=144
- http://packetstormsecurity.org/files/109168/VL-144.txt
- http://www.securityfocus.com/bid/51708
Связанные уязвимости
Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiGate UTM WAF appliances with FortiOS 4.3.x before 4.3.6 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) Endpoint Monitor, (2) Dialup List, or (3) Log&Report Display modules, or the fields_sorted_opt parameter to (4) user/auth/list or (5) endpointcompliance/app_detect/predefined_sig_list.
Уязвимость операционной системы FortiOS, вызванная недостаточной защитой структуры веб-страницы, позволяющая нарушителю внедрить произвольный JavaScript или HTML-код