PSIRT Advisories
XSS vulnerability in the Description Area of the Admin Profile
Summary
An improper neutralization of input vulnerability in the Admin Profile of FortiAnalyzer may allow a remote authenticated attacker to perform a stored cross-site scripting (XSS) attack via the Description Area.
Affected Products
FortiAnalyzer version 6.2.3 and below.
Solutions
Please upgrade to FortiAnalyzer version 6.2.4 or above.
Please upgrade to FortiAnalyzer version 6.4.0 or above.
Acknowledgement
Fortinet is pleased to thank Ali Ardic from Trend Micro for reporting this vulnerability under responsible disclosure.