2 matches found
CVE-2019-5590
The URL part of the report message is not encoded in Fortinet FortiWeb 6.0.2 and below which may allow an attacker to execute unauthorized code or commands Cross Site Scripting via attack reports generated in HTML form...
CVE-2019-5590
CVE-2019-5590 affects Fortinet FortiWeb 6.0.2 and earlier. The root cause is that the URL part of the report message is not encoded, enabling Cross-Site Scripting (XSS) via HTML-formatted attack reports. Potential impact: attacker may cause client-side code execution in a user’s browser. Exploita...