FortiAnalyzer - XSS vulnerability observed in the Column settings of LogView
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-20-098
Final
1
1
2021-10-05T00:00:00
Current version
2021-10-05T00:00:00
2021-10-05T00:00:00
An improper neutralization of input vulnerability [CWE-79] in FortiAnalyzer may allow a remote authenticated attacker to perform a stored cross-site scripting (XSS) attack via the column settings of Log View in FortiAnalyzer, should the attacker be able to obtain that POST request via other, hypothetical attacks.
None
Execute unauthorized code or commands
FortiAnalyzer version 6.4.3 and below.
FortiAnalyzer version 6.2.7 and below.
FortiAnalyzer version 6.0.x (all versions).
Please upgrade to FortiAnalyzer version 6.4.4 or above.
Please upgrade to FortiAnalyzer version 6.2.8 or above.
Workaround: Disable Log View/FortiView access for the affected administrator profile.
    config system admin profile
        edit <profile-name>
            set log-viewer none
        next
    end
Fortinet is pleased to thank Frank Cozijnsen of the KPN REDteam for reporting this vulnerability under responsible disclosure.
FortiAnalyzer 6.4.3
FortiAnalyzer 6.4.2
FortiAnalyzer 6.4.1
FortiAnalyzer 6.4.0
FortiAnalyzer 6.2.7
FortiAnalyzer 6.2.6
FortiAnalyzer 6.2.5
FortiAnalyzer 6.2.4
FortiAnalyzer 6.2.3
FortiAnalyzer 6.2.2
FortiAnalyzer 6.2.1
FortiAnalyzer 6.2.0
FortiAnalyzer 6.0.10
FortiAnalyzer 6.0.9
FortiAnalyzer 6.0.8
FortiAnalyzer 6.0.7
FortiAnalyzer 6.0.6
FortiAnalyzer 6.0.5
FortiAnalyzer 6.0.4
FortiAnalyzer 6.0.3
FortiAnalyzer 6.0.2
FortiAnalyzer 6.0.1
FortiAnalyzer 6.0.0
CVE-2021-24021
4.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:F/RL:X/RC:X
https://fortiguard.fortinet.com/psirt/FG-IR-20-098