Lucene search

K
nvd[email protected]NVD:CVE-2015-7363
HistoryOct 07, 2016 - 2:59 p.m.

CVE-2015-7363

2016-10-0714:59:02
CWE-79
web.nvd.nist.gov
5
cve-2015-7363
cross-site scripting
fortimanager
fortianalyzer
remote administrators
web script injection
html injection
report filters

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

41.2%

Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters.

Affected configurations

Nvd
Node
fortinetfortimanager_firmwareMatch5.0.0
OR
fortinetfortimanager_firmwareMatch5.0.1
OR
fortinetfortimanager_firmwareMatch5.0.2
OR
fortinetfortimanager_firmwareMatch5.0.3
OR
fortinetfortimanager_firmwareMatch5.0.4
OR
fortinetfortimanager_firmwareMatch5.0.5
OR
fortinetfortimanager_firmwareMatch5.0.6
OR
fortinetfortimanager_firmwareMatch5.0.7
OR
fortinetfortimanager_firmwareMatch5.0.8
OR
fortinetfortimanager_firmwareMatch5.0.9
OR
fortinetfortimanager_firmwareMatch5.0.10
OR
fortinetfortimanager_firmwareMatch5.0.11
OR
fortinetfortimanager_firmwareMatch5.2.0
OR
fortinetfortimanager_firmwareMatch5.2.1
AND
fortinetfortimanagerMatch-
Node
fortinetfortianalyzer_firmwareMatch5.0.0
OR
fortinetfortianalyzer_firmwareMatch5.0.1
OR
fortinetfortianalyzer_firmwareMatch5.0.2
OR
fortinetfortianalyzer_firmwareMatch5.0.3
OR
fortinetfortianalyzer_firmwareMatch5.0.4
OR
fortinetfortianalyzer_firmwareMatch5.0.5
OR
fortinetfortianalyzer_firmwareMatch5.0.6
OR
fortinetfortianalyzer_firmwareMatch5.0.7
OR
fortinetfortianalyzer_firmwareMatch5.0.8
OR
fortinetfortianalyzer_firmwareMatch5.0.9
OR
fortinetfortianalyzer_firmwareMatch5.0.10
OR
fortinetfortianalyzer_firmwareMatch5.0.11
OR
fortinetfortianalyzer_firmwareMatch5.0.12
OR
fortinetfortianalyzer_firmwareMatch5.2.0
OR
fortinetfortianalyzer_firmwareMatch5.2.1
OR
fortinetfortianalyzer_firmwareMatch5.2.2
AND
fortinetfortianalyzerMatch-
VendorProductVersionCPE
fortinetfortimanager_firmware5.0.0cpe:2.3:o:fortinet:fortimanager_firmware:5.0.0:*:*:*:*:*:*:*
fortinetfortimanager_firmware5.0.1cpe:2.3:o:fortinet:fortimanager_firmware:5.0.1:*:*:*:*:*:*:*
fortinetfortimanager_firmware5.0.2cpe:2.3:o:fortinet:fortimanager_firmware:5.0.2:*:*:*:*:*:*:*
fortinetfortimanager_firmware5.0.3cpe:2.3:o:fortinet:fortimanager_firmware:5.0.3:*:*:*:*:*:*:*
fortinetfortimanager_firmware5.0.4cpe:2.3:o:fortinet:fortimanager_firmware:5.0.4:*:*:*:*:*:*:*
fortinetfortimanager_firmware5.0.5cpe:2.3:o:fortinet:fortimanager_firmware:5.0.5:*:*:*:*:*:*:*
fortinetfortimanager_firmware5.0.6cpe:2.3:o:fortinet:fortimanager_firmware:5.0.6:*:*:*:*:*:*:*
fortinetfortimanager_firmware5.0.7cpe:2.3:o:fortinet:fortimanager_firmware:5.0.7:*:*:*:*:*:*:*
fortinetfortimanager_firmware5.0.8cpe:2.3:o:fortinet:fortimanager_firmware:5.0.8:*:*:*:*:*:*:*
fortinetfortimanager_firmware5.0.9cpe:2.3:o:fortinet:fortimanager_firmware:5.0.9:*:*:*:*:*:*:*
Rows per page:
1-10 of 321

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

41.2%

Related for NVD:CVE-2015-7363