CVE-2019-17651
published 2020-01-28CVE-2019-17651: An Improper Neutralization of Input vulnerability in the description and title parameters of a Device Maintenance Schedule in FortiSIEM version 5.2.5 and below…
medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
An Improper Neutralization of Input vulnerability in the description and title parameters of a Device Maintenance Schedule in FortiSIEM version 5.2.5 and below may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious JavaScript code into the description field of a Device Maintenance schedule.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortinet_fortisiem | — | — |
| fortinet | fortisiem | <= 5.2.5 | — |
| fortinet | fortisiem | — | — |