CVE-2021-24021
published 2021-10-06
medium 5.4 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
An improper neutralization of input vulnerability [CWE-79] in FortiAnalyzer versions 6.4.3 and below, 6.2.7 and below and 6.0.10 and below may allow a remote authenticated attacker to perform a stored cross-site scripting (XSS) attack via the column settings of Logview in FortiAnalyzer, should the attacker be able to obtain that POST request via other, hypothetical attacks.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortianalyzer | — | — |
| fortinet | fortianalyzer | >= 6.0.0 < 6.2.8 | 6.2.8 |
| fortinet | fortianalyzer | >= 6.4.0 < 6.4.4 | 6.4.4 |
| fortinet | fortinet_fortianalyzer | — | — |
CVSS provenance
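| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
| osv | — | 7.5 | HIGH | — |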