Lucene search

K
cveMitreCVE-2015-7363
HistoryOct 07, 2016 - 2:59 p.m.

CVE-2015-7363

2016-10-0714:59:02
CWE-79
mitre
web.nvd.nist.gov
30
3
cve-2015-7363
cross-site scripting
xss
fortinet fortimanager
fortianalyzer
security vulnerability

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

41.2%

Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters.

Affected configurations

Nvd
Node
fortinetfortimanager_firmwareMatch5.0.0
OR
fortinetfortimanager_firmwareMatch5.0.1
OR
fortinetfortimanager_firmwareMatch5.0.2
OR
fortinetfortimanager_firmwareMatch5.0.3
OR
fortinetfortimanager_firmwareMatch5.0.4
OR
fortinetfortimanager_firmwareMatch5.0.5
OR
fortinetfortimanager_firmwareMatch5.0.6
OR
fortinetfortimanager_firmwareMatch5.0.7
OR
fortinetfortimanager_firmwareMatch5.0.8
OR
fortinetfortimanager_firmwareMatch5.0.9
OR
fortinetfortimanager_firmwareMatch5.0.10
OR
fortinetfortimanager_firmwareMatch5.0.11
OR
fortinetfortimanager_firmwareMatch5.2.0
OR
fortinetfortimanager_firmwareMatch5.2.1
AND
fortinetfortimanagerMatch-
Node
fortinetfortianalyzer_firmwareMatch5.0.0
OR
fortinetfortianalyzer_firmwareMatch5.0.1
OR
fortinetfortianalyzer_firmwareMatch5.0.2
OR
fortinetfortianalyzer_firmwareMatch5.0.3
OR
fortinetfortianalyzer_firmwareMatch5.0.4
OR
fortinetfortianalyzer_firmwareMatch5.0.5
OR
fortinetfortianalyzer_firmwareMatch5.0.6
OR
fortinetfortianalyzer_firmwareMatch5.0.7
OR
fortinetfortianalyzer_firmwareMatch5.0.8
OR
fortinetfortianalyzer_firmwareMatch5.0.9
OR
fortinetfortianalyzer_firmwareMatch5.0.10
OR
fortinetfortianalyzer_firmwareMatch5.0.11
OR
fortinetfortianalyzer_firmwareMatch5.0.12
OR
fortinetfortianalyzer_firmwareMatch5.2.0
OR
fortinetfortianalyzer_firmwareMatch5.2.1
OR
fortinetfortianalyzer_firmwareMatch5.2.2
AND
fortinetfortianalyzerMatch-
VendorProductVersionCPE
fortinetfortimanager_firmware5.0.0cpe:2.3:o:fortinet:fortimanager_firmware:5.0.0:*:*:*:*:*:*:*
fortinetfortimanager_firmware5.0.1cpe:2.3:o:fortinet:fortimanager_firmware:5.0.1:*:*:*:*:*:*:*
fortinetfortimanager_firmware5.0.2cpe:2.3:o:fortinet:fortimanager_firmware:5.0.2:*:*:*:*:*:*:*
fortinetfortimanager_firmware5.0.3cpe:2.3:o:fortinet:fortimanager_firmware:5.0.3:*:*:*:*:*:*:*
fortinetfortimanager_firmware5.0.4cpe:2.3:o:fortinet:fortimanager_firmware:5.0.4:*:*:*:*:*:*:*
fortinetfortimanager_firmware5.0.5cpe:2.3:o:fortinet:fortimanager_firmware:5.0.5:*:*:*:*:*:*:*
fortinetfortimanager_firmware5.0.6cpe:2.3:o:fortinet:fortimanager_firmware:5.0.6:*:*:*:*:*:*:*
fortinetfortimanager_firmware5.0.7cpe:2.3:o:fortinet:fortimanager_firmware:5.0.7:*:*:*:*:*:*:*
fortinetfortimanager_firmware5.0.8cpe:2.3:o:fortinet:fortimanager_firmware:5.0.8:*:*:*:*:*:*:*
fortinetfortimanager_firmware5.0.9cpe:2.3:o:fortinet:fortimanager_firmware:5.0.9:*:*:*:*:*:*:*
Rows per page:
1-10 of 321

Social References

More

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

41.2%

Related for CVE-2015-7363