VYPR
Unrated severity · NVD Advisory · Published Aug 6, 2021 · Updated Oct 25, 2024

CVE-2021-32597

Description

Multiple improper neutralization of input during web page generation (CWE-79) vulnerabilities in the user interface of FortiManager and FortiAnalyzer versions 7.0.0, 6.4.5 and below, and 6.2.7 and below may allow a remote authenticated attacker to perform a stored cross-site scripting (XSS) attack by injecting a malicious payload in GET parameters.

Affected products

3
  • Fortinet/Fortianalyzer · llm-fuzzy · 2 versions
    7.0.0, <=6.4.5, <=6.2.7 (+ 1 more)
    • (no CPE) range: 7.0.0, <=6.4.5, <=6.2.7
    • (no CPE) range: FortiAnalyzer 7.0.0, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0; FortiManager 7.0.0, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0
  • Range: 7.0.0, <=6.4.5, <=6.2.7

Patches

Vulnerability mechanics

References

1
