CVE-2020-15940
Published 2021-11-02
Severity: medium, 5.4 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
An improper neutralization of input vulnerability [CWE-79] in FortiClientEMS versions 6.4.1 and below and 6.2.9 and below may allow a remote authenticated attacker to inject malicious script/tags via the name parameter of various sections of the server.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | forticlient_enterprise_management_server | 6.0.0 – 6.0.8 | — |
| fortinet | forticlient_enterprise_management_server | 6.2.0 – 6.2.9 | — |
| fortinet | forticlient_enterprise_management_server | 6.4.0 – 6.4.1 | — |
| fortinet | forticlientems | — | — |
| fortinet | forticliententerprisemanagementserver | — | — |
| fortinet | fortinet_forticlientems | — | — |