Unrated severity · NVD Advisory · Published Aug 6, 2021 · Updated Oct 25, 2024
CVE-2021-32597
Description
Multiple improper neutralization of input during web page generation (CWE-79) issues in the user interface of FortiManager and FortiAnalyzer versions 7.0.0, 6.4.5 and below, and 6.2.7 and below may allow a remote authenticated attacker to perform a stored cross-site scripting (XSS) attack by injecting a malicious payload in GET parameters.
Affected products
- (no CPE) range: 7.0.0, <=6.4.5, <=6.2.7
- (no CPE) range: FortiAnalyzer 7.0.0, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0; FortiManager 7.0.0, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0
- Range: 7.0.0, <=6.4.5, <=6.2.7
References
- fortiguard.com/advisory/FG-IR-21-054 (mitre, x_refsource_CONFIRM)