Arbitrary Web Script Injection Vulnerability in Fortinet FortiManager and FortiAnalyzer

Arbitrary Web Script Injection Vulnerability in Fortinet FortiManager and FortiAnalyzer

CVE-2015-7363 · LOW Severity

AV:N/AC:M/AU:S/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters.

Learn more about our Cis Benchmark Audit For Fortinet.