CVE-2015-3620

Public PoC / Exploit (1)

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Cross-site scripting (XSS) vulnerability in the advanced dataset reports page in Fortinet FortiAnalyzer 5.0.0 through 5.0.10 and 5.2.0 through 5.2.1 and FortiManager 5.0.3 through 5.0.10 and 5.2.0 through 5.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Weaknesses (CWE)

CWE-79

Affected Products (15)

fortinet · fortimanager_firmwarevulnerable

fortinet · fortimanager_firmware

References (12)

http://packetstormsecurity.com/files/131766/Fortinet-FortiAnalyzer-FortiManager-Cross-Site-Scripting.html

ExploitThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2015/May/13

ExploitThird Party AdvisoryVDB Entry

http://www.fortiguard.com/advisory/FG-IR-15-005/

Vendor Advisory

http://www.securityfocus.com/archive/1/535452/100/0/threaded

http://www.securityfocus.com/bid/74646

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1032262