cbcvebase.
CVE-2020-12817
published 2020-09-24

CVE-2020-12817: An improper neutralization of input vulnerability in FortiAnalyzer before 6.4.1 and 6.2.5 may allow a remote authenticated attacker to inject script related…

high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
An improper neutralization of input vulnerability in FortiAnalyzer before 6.4.1 and 6.2.5 may allow a remote authenticated attacker to inject script related HTML tags via Name parameter of Storage Connectors.

Affected

8 ranges
VendorProductVersion rangeFixed in
fortinetfortianalyzer
fortinetfortianalyzer
fortinetfortianalyzer
fortinetfortianalyzer
fortinetfortinet_fortianalyzer
fortinetfortitester<= 3.7.0
fortinetfortitester
fortinetfortitester