Unrated severity · NVD Advisory · Published Mar 21, 2025 · Updated Mar 21, 2025

CVE-2019-16151

Description

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS 6.4.1 and below, 6.2.9 and below may allow a remote unauthenticated attacker to either redirect users to malicious websites via a crafted "Host" header or to execute JavaScript code in the victim's browser context. This happens when the FortiGate has web filtering and category override enabled/configured.

Affected products

  • cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*
    Range: 6.4.0
