Medium severity 5.4 · NVD Advisory · Published Aug 5, 2016 · Updated Jun 17, 2026
CVE-2016-3196
Description
Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an image uploaded in the report section.
Affected products
FortiAnalyzer firmware:
- cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.10:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.4:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.5:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.1:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.2:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.3:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.4:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.5:*:*:*:*:*:*:*
- (no CPE) range: 5.x before 5.0.12 and 5.2.x before 5.2.6
FortiManager firmware:
- cpe:2.3:o:fortinet:fortimanager_firmware:5.0.10:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortimanager_firmware:5.0.3:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortimanager_firmware:5.0.4:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortimanager_firmware:5.0.5:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortimanager_firmware:5.0.6:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortimanager_firmware:5.0.7:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortimanager_firmware:5.0.8:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortimanager_firmware:5.0.9:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortimanager_firmware:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortimanager_firmware:5.2.1:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortimanager_firmware:5.2.2:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortimanager_firmware:5.2.3:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortimanager_firmware:5.2.4:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortimanager_firmware:5.2.5:*:*:*:*:*:*:*
- (no CPE) range: 5.x before 5.0.12 and 5.2.x before 5.2.6
References
- fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability [nvd: Vendor Advisory]
- seclists.org/fulldisclosure/2016/Aug/4 [nvd: Third Party Advisory, VDB Entry]
- www.securityfocus.com/bid/92203 [nvd: Third Party Advisory, VDB Entry]
- www.securitytracker.com/id/1036551 [nvd: Third Party Advisory, VDB Entry]
- www.vulnerability-lab.com/get_content.php [nvd: Third Party Advisory, VDB Entry]
- www.securityfocus.com/archive/1/539069/100/0/threaded [nvd]
- www.securitytracker.com/id/1036550 [nvd]