CVE-2014-2336

Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2334 and CVE-2014-2335.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.fortiguard.com/advisory/FG-IR-14-033/	Vendor Advisory
http://secunia.com/advisories/61309
http://www.securityfocus.com/bid/70889
https://exchange.xforce.ibmcloud.com/vulnerabilities/98479

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:fortinet:fortimanager::::::::
	cpe:2.3:o:fortinet:fortianalyzer_firmware::::::::

Information

Published : 2014-10-31 07:55

Updated : 2017-08-28 18:34

NVD link : CVE-2014-2336

Mitre link : CVE-2014-2336

JSON object : View

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Products Affected

fortinet

fortianalyzer_firmware
fortimanager

4.3 /10