CVE-2019-16149

CWE-79 โ€” Cross-site Scripting (XSS)4 documents4 sources
Severity
6.1MEDIUM
EPSS
0.1%
top 73.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Fortinet Forticlientems
Timeline
PublishedMar 28

Description

An Improper Neutralization of Input During Web Page Generation in FortiClientEMS version 6.2.0 may allow a remote attacker to execute unauthorized code by injecting malicious payload in the user profile of a FortiClient instance being managed by the vulnerable system.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:LExploitability: 1.3 | Impact: 3.7

Affected Packages2 packages

โ–ถNVDfortinet/forticlientems< 6.2.1
โ–ถCVEListV5fortinet/forticlientems6.2.0

๐Ÿ”ดVulnerability Details

2
GHSA
GHSA-j8c2-6298-q92j: An Improper Neutralization of Input During Web Page Generation in FortiClientEMS version 6โ†—2025-03-28
โ–ถ
CVEList
CVE-2019-16149: An Improper Neutralization of Input During Web Page Generation in FortiClientEMS version 6โ†—2025-03-28
โ–ถ

๐Ÿ“‹Vendor Advisories

1
Fortinet
An Improper Neutralization of Input During Web Page Generation in FortiClientEMS version 6.2.0 may allow a remote attack...โ†—2025-03-28
โ–ถ