FortiManager and FortiAnalyzer Persistent XSS vulnerability
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-16-014
Final
1
1
2016-07-14T00:00:00
Current version
2016-07-14T00:00:00
2016-07-14T00:00:00
When a low-privileged user uploads images in the report section, the filenames are not properly sanitized; this potentially enables stored XSS attacks.
Persistent XSS
FortiManager/FortiAnalyzer: 5.0.0 - 5.0.11, 5.2.0 - 5.2.5
Upgrade to: FortiManager/FortiAnalyzer 5.4.0 and above, or 5.2.6 and above
Fortinet is pleased to thank Vulnerability Lab for reporting a FortiManager/FortiAnalyzer vulnerability under responsible disclosure.
CVE-2016-3196
https://fortiguard.fortinet.com/psirt/FG-IR-16-014