VYPR
Unrated severityNVD Advisory· Published Mar 17, 2025· Updated Mar 17, 2025

CVE-2021-26087

CVE-2021-26087

Description

An improper neutralization of input during web page generation in FortiWLC version 8.6.0, version 8.5.3 and below, version 8.4.8 and below, version 8.3.3 web interface may allow both authenticated remote attackers and non-authenticated attackers in the same network as the appliance to perform a stored cross site scripting attack (XSS) via injecting malicious payloads in different locations.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Fortinet/Fortiwlccpe-rescue2 versions
    cpe:2.3:a:fortinet:fortiwlc:8.6.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:fortinet:fortiwlc:8.6.0:*:*:*:*:*:*:*range: 8.6.0
    • (no CPE)range: <=8.5.3 for version 8.5 series, <=8.4.8 for version 8.4 series, <=8.3.3 for version 8.3 series, and also 8.6.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.