VYPR
Unrated severityNVD Advisory· Published Jan 28, 2020· Updated Oct 25, 2024

CVE-2019-17651

CVE-2019-17651

Description

An Improper Neutralization of Input vulnerability in the description and title parameters of a Device Maintenance Schedule in FortiSIEM version 5.2.5 and below may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious JavaScript code into the description field of a Device Maintenance schedule.

Affected products

2
  • Fortinet/FortiSIEMllm-fuzzy2 versions
    <=5.2.5+ 1 more
    • (no CPE)range: <=5.2.5
    • (no CPE)range: FortiSIEM version 5.2.5 and below

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.