CVE-2016-3194

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.3%

top 47.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortianalyzer Firmware Fortinet Fortimanager Firmware

Timeline

PublishedAug 19

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in the address added page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDfortinet/fortimanager_firmware18 versions+17

▶NVDfortinet/fortianalyzer_firmware18 versions+17

🔴Vulnerability Details

GHSA

GHSA-655v-fvrh-56m2: Cross-site scripting (XSS) vulnerability in the address added page in Fortinet FortiManager 5↗2022-05-17

▶

CVEList

CVE-2016-3194: Cross-site scripting (XSS) vulnerability in the address added page in Fortinet FortiManager 5↗2016-08-19

▶