An improper neutralization of input during web page generation vulnerability [CWE-79] exists in FortiManager and FortiAnalyzer 6.0.0 all versions, 6.2.0 all versions, 6.4.0 up to and including 6.4.8, and 7.0.0 up to and including 7.0.4. Report templates may allow a low privilege level malicious user to perform an XSS attack via posting a crafted CKeditor "protected" comment as described in CVE-2020-9281.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fortinet fortianalyzer |
||
fortinet fortimanager |