vulnerability
Fortinet FortiAnalyzer/FortiManager: CVE-2016-3196: FortiManager and FortiAnalyzer Persistent XSS vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:S/C:N/I:P/A:N) | Aug 5, 2016 | May 15, 2017 | Oct 30, 2017 |
Severity
4
CVSS
(AV:N/AC:M/Au:S/C:N/I:P/A:N)
Published
Aug 5, 2016
Added
May 15, 2017
Modified
Oct 30, 2017
Description
Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an image uploaded in the report section.
Solutions
fortianalyzer-cve-2016-3196-1fortianalyzer-cve-2016-3196-2fortimanager-cve-2016-3196-1fortimanager-cve-2016-3196-2
References
- BID-92203
- CVE-2016-3196
- https://attackerkb.com/topics/CVE-2016-3196
- http://fortiguard.com/psirt/fortimanager-and-fortianalyzer-persistent-xss-vulnerability
- http://seclists.org/fulldisclosure/2016/Aug/4
- http://www.securityfocus.com/archive/1/archive/1/539069/100/0/threaded
- http://www.securityfocus.com/bid/92203
- http://www.securitytracker.com/id/1036551
- http://www.vulnerability-lab.com/get_content.php?id=1687
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.