CVE-2016-3196

Public PoC / Exploit (1)

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an image uploaded in the report section.

Weaknesses (CWE)

CWE-79

Affected Products (25)

fortinet · fortimanager_firmwarevulnerable

fortinet · fortimanager_firmware

References (14)

http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability

Vendor Advisory

http://seclists.org/fulldisclosure/2016/Aug/4

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/archive/1/539069/100/0/threaded

http://www.securityfocus.com/bid/92203

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1036550

http://www.securitytracker.com/id/1036551

Third Party AdvisoryVDB Entry

http://www.vulnerability-lab.com/get_content.php?id=1687