CVE-2021-24021

Severity: 5.4 MEDIUM
EPSS: 0.2% (top 59.54%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 6; latest update Sep 14

Description

An improper neutralization of input vulnerability [CWE-79] in FortiAnalyzer versions 6.4.3 and below, 6.2.7 and below and 6.0.10 and below may allow a remote authenticated attacker to perform a stored cross-site scripting (XSS) attack via the column settings of Logview in FortiAnalyzer, should the attacker be able to obtain that POST request, via other, hypothetical attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (2 packages)

NVD: fortinet/fortianalyzer, 6.0.0 to 6.2.8 (+1 more range)
CVEList V5: fortinet/fortinet_fortianalyzer, FortiAnalyzer 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0

Vulnerability Details (3)

OSV: modsecurity-apache vulnerabilities (2023-09-14)
GHSA: GHSA-v56v-j2pc-w577: An improper neutralization of input vulnerability [CWE-79] in FortiAnalyzer versions 6... (2022-05-24)
CVEList: CVE-2021-24021: An improper neutralization of input vulnerability [CWE-79] in FortiAnalyzer versions 6... (2021-10-06)

Vendor Advisories (1)

Fortinet: An improper neutralization of input vulnerability [CWE-79] in FortiAnalyzer versions 6.4.3 and below, 6.2.7 and below an... (2021-10-06)
CVE-2021-24021 (MEDIUM CVSS 5.4) | An improper neutralization of input | cvebase.io