Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2015-7363

Опубликовано: 07 окт. 2016
Источник: nvd
CVSS3: 5.4
CVSS2: 3.5
EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:fortinet:fortimanager_firmware:5.0.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager_firmware:5.0.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager_firmware:5.0.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager_firmware:5.0.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager_firmware:5.0.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager_firmware:5.0.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager_firmware:5.0.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager_firmware:5.0.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager_firmware:5.0.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager_firmware:5.0.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager_firmware:5.0.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager_firmware:5.0.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager_firmware:5.2.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager_firmware:5.2.1:*:*:*:*:*:*:*
cpe:2.3:h:fortinet:fortimanager:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

Одно из

cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.12:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.2:*:*:*:*:*:*:*
cpe:2.3:h:fortinet:fortianalyzer:-:*:*:*:*:*:*:*

EPSS

Процентиль: 55%
0.00327
Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

github логотип

GHSA-8vmh-8c5p-q8cm

CVSS3: 5.4
github
больше 3 лет назад

Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters.

EPSS

Процентиль: 55%
0.00327
Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79