CVE-2019-16149
published 2025-03-28CVE-2019-16149: An Improper Neutralization of Input During Web Page Generation in FortiClientEMS version 6.2.0 may allow a remote attacker to execute unauthorized code by…
medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
An Improper Neutralization of Input During Web Page Generation in FortiClientEMS version 6.2.0 may allow a remote attacker to execute unauthorized code by injecting malicious payload in the user profile of a FortiClient instance being managed by the vulnerable system.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | forticlient | — | — |
| fortinet | forticlientems | < 6.2.1 | 6.2.1 |
| fortinet | forticlientems | — | — |
| fortinet | forticlientems | — | — |