VYPR
Unrated severityNVD Advisory· Published Nov 2, 2021· Updated Oct 25, 2024

CVE-2020-12814

CVE-2020-12814

Description

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiAnalyzer version 6.0.6 and below, version 6.4.4 allows attacker to execute unauthorized code or commands via specifically crafted requests to the web GUI.

Affected products

2
  • Fortinet/Fortianalyzerllm-fuzzy2 versions
    <=6.0.6, 6.4.4+ 1 more
    • (no CPE)range: <=6.0.6, 6.4.4
    • (no CPE)range: FortiAnalyzer 6.4.4, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.