CVE-2020-6640 — Cross-site Scripting in Fortinet Fortianalyzer

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

5.4MEDIUMNVD

EPSS

0.2%

top 57.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortianalyzer Fortinet Fortianalyzer

Timeline

PublishedJun 4

Latest updateMay 24

Description

An improper neutralization of input vulnerability in the Admin Profile of FortiAnalyzer may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the Description Area.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶NVDfortinet/fortianalyzer< 6.2.4

▶CVEListV5fortinet/fortinet_fortianalyzerFortiAnalyzer 6.2.3, 6.2.2

🔴Vulnerability Details

GHSA

GHSA-3vj4-cg97-x27w: An improper neutralization of input vulnerability in the Admin Profile of FortiAnalyzer may allow a remote authenticated attacker to perform a stored↗2022-05-24

▶

CVEList

CVE-2020-6640: An improper neutralization of input vulnerability in the Admin Profile of FortiAnalyzer may allow a remote authenticated attacker to perform a stored↗2020-06-04

▶

📋Vendor Advisories

Fortinet

An improper neutralization of input vulnerability in the Admin Profile of FortiAnalyzer may allow a remote authenticated...↗2020-06-04

▶