VYPR
Unrated severityNVD Advisory· Published Dec 8, 2021· Updated Oct 25, 2024

CVE-2021-41015

CVE-2021-41015

Description

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to SAML login handler

Affected products

2
  • Fortinet/Fortiwebllm-fuzzy2 versions
    <=6.4.1, <=6.3.15+ 1 more
    • (no CPE)range: <=6.4.1, <=6.3.15
    • (no CPE)range: FortiWeb 6.4.1, 6.4.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.