CVE-2020-12815

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

5.4MEDIUM

EPSS

0.2%

top 60.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortianalyzer Fortinet Fortitester Fortinet Fortinet Fortitester

Timeline

PublishedSep 24

Latest updateMay 24

Description

An improper neutralization of input vulnerability in FortiTester before 3.9.0 may allow a remote authenticated attacker to inject script related HTML tags via IPv4/IPv6 address fields.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages3 packages

▶NVDfortinet/fortitester3.7.0+1

▶CVEListV5fortinet/fortinet_fortitesterFortiTester before 3.9.0

▶NVDfortinet/fortianalyzer6.4.0 — 6.4.1+1

🔴Vulnerability Details

GHSA

GHSA-qc23-rcpx-gm4f: An improper neutralization of input vulnerability in FortiTester before 3↗2022-05-24

▶

CVEList

CVE-2020-12815: An improper neutralization of input vulnerability in FortiTester before 3↗2020-09-24

▶

📋Vendor Advisories

Fortinet

An improper neutralization of input vulnerability in FortiAnalyzer before 6.4.1 and 6.2.5 may allow a remote authenticat...↗2020-09-24

▶