CVE-2016-3193

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
5.4MEDIUM
EPSS
0.2%
top 55.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet Fortianalyzer FirmwareFortinet Fortimanager Firmware
Timeline
PublishedAug 19
Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in the appliance web-application in Fortinet FortiManager 5.x before 5.0.12, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 and FortiAnalyzer 5.x before 5.0.13, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

NVDfortinet/fortimanager_firmware19 versions+18

🔴Vulnerability Details

2
GHSA
GHSA-wj2c-w299-wc72: Cross-site scripting (XSS) vulnerability in the appliance web-application in Fortinet FortiManager 52022-05-17
CVEList
CVE-2016-3193: Cross-site scripting (XSS) vulnerability in the appliance web-application in Fortinet FortiManager 52016-08-19
CVE-2016-3193 (MEDIUM CVSS 5.4) | Cross-site scripting (XSS) vulnerab | cvebase.io