CVE-2015-3612

MEDIUM

FortiManager < 5.0.10 - Cross-Site Scripting via FortiWeb Auto Update Service Page

Title source: llm
STIX 2.1

Description

A Cross-site Scripting (XSS) vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier via an unspecified parameter in the FortiWeb auto update service page.

References (3)

Core 3
Core References
Vendor Advisory x_refsource_confirm
https://fortiguard.com/psirt/FG-IR-15-011
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securityfocus.com/bid/74444
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securitytracker.com/id/1032188

Scores

CVSS v3 5.4
EPSS 0.0028
EPSS Percentile 51.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
fortinet/fortimanager 5.0.0 - 5.0.10
Published Feb 04, 2020
Tracked Since Feb 18, 2026