Lucene search

[email protected]CVE-2016-3196

HistoryAug 05, 2016 - 2:59 p.m.

CVE-2016-3196

2016-08-0514:59:00

CWE-79

[email protected]

web.nvd.nist.gov

fortinet

fortianalyzer

fortimanager

xss

cve-2016-3196

vulnerability

security

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.1 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

48.6%

JSON

Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an image uploaded in the report section.

CPENameOperatorVersion
fortinet:fortimanager_firmwarefortinet fortimanager firmwareeq5.2.3
fortinet:fortimanager_firmwarefortinet fortimanager firmwareeq5.0.5
fortinet:fortimanager_firmwarefortinet fortimanager firmwareeq5.2.2
fortinet:fortimanager_firmwarefortinet fortimanager firmwareeq5.0.4
fortinet:fortimanager_firmwarefortinet fortimanager firmwareeq5.0.6
fortinet:fortimanager_firmwarefortinet fortimanager firmwareeq5.2.0
fortinet:fortimanager_firmwarefortinet fortimanager firmwareeq5.0.7
fortinet:fortimanager_firmwarefortinet fortimanager firmwareeq5.0.10
fortinet:fortimanager_firmwarefortinet fortimanager firmwareeq5.2.1
fortinet:fortimanager_firmwarefortinet fortimanager firmwareeq5.0.3

CPE	Name	Operator	Version
fortinet:fortimanager_firmware	fortinet fortimanager firmware	eq	5.2.3
fortinet:fortimanager_firmware	fortinet fortimanager firmware	eq	5.0.5
fortinet:fortimanager_firmware	fortinet fortimanager firmware	eq	5.2.2
fortinet:fortimanager_firmware	fortinet fortimanager firmware	eq	5.0.4
fortinet:fortimanager_firmware	fortinet fortimanager firmware	eq	5.0.6
fortinet:fortimanager_firmware	fortinet fortimanager firmware	eq	5.2.0
fortinet:fortimanager_firmware	fortinet fortimanager firmware	eq	5.0.7
fortinet:fortimanager_firmware	fortinet fortimanager firmware	eq	5.0.10
fortinet:fortimanager_firmware	fortinet fortimanager firmware	eq	5.2.1
fortinet:fortimanager_firmware	fortinet fortimanager firmware	eq	5.0.3

Rows per page:

1-10 of 251

References

fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability

seclists.org/fulldisclosure/2016/Aug/4

www.securityfocus.com/archive/1/539069/100/0/threaded

www.securityfocus.com/bid/92203

www.securitytracker.com/id/1036550

www.securitytracker.com/id/1036551

www.vulnerability-lab.com/get_content.php?id=1687

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.1 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

48.6%

JSON

Related for CVE-2016-3196

prion1 fortinet1 openvas3 cvelist1