CVE-2016-3193

moderate-risk

Published 2016-08-19

Cross-site scripting (XSS) vulnerability in the appliance web-application in Fortinet FortiManager 5.x before 5.0.12, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 and FortiAnalyzer 5.x before 5.0.13, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Do I need to act?

-

0.22% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

5

CVSS 5.4/10 Medium

NETWORK / LOW complexity

Affected Products (20)

Fortimanager Firmware

Fortimanager Firmware

Fortimanager Firmware

Fortimanager Firmware

Fortimanager Firmware

Fortimanager Firmware

Fortimanager Firmware

Fortimanager Firmware

Fortimanager Firmware

Fortimanager Firmware

Fortianalyzer Firmware

Fortianalyzer Firmware

Fortianalyzer Firmware

Fortianalyzer Firmware

Fortianalyzer Firmware

Fortianalyzer Firmware

Fortianalyzer Firmware

Fortianalyzer Firmware

Fortianalyzer Firmware

Fortianalyzer Firmware

Affected Vendors

Fortinet

References (6)

Vendor Advisory http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vul...

http://www.securityfocus.com/bid/92458

http://www.securitytracker.com/id/1036550

Vendor Advisory http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vul...

http://www.securityfocus.com/bid/92458

http://www.securitytracker.com/id/1036550

46

/ 100

moderate-risk

Severity 21/34 · High

Exploitability 1/34 · Minimal

Exposure 24/34 · High