CVE-2020-6640

2020-06-0412:47:57

fortinet

www.cve.org

5.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.2%

JSON

An improper neutralization of input vulnerability in the Admin Profile of FortiAnalyzer may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the Description Area.

CNA Affected

[
  {
    "product": "Fortinet FortiAnalyzer",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "FortiAnalyzer 6.2.3, 6.2.2"
      }
    ]
  }
]

References

fortiguard.com/advisory/FG-IR-20-003