CVE-2016-3196

MEDIUM

Fortinet Fortimanager Firmware - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an image uploaded in the report section.

References (7)

[Vendor Advisory] http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability

[Third Party Advisory, VDB Entry] http://seclists.org/fulldisclosure/2016/Aug/4

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/92203

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1036550

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1036551

[Third Party Advisory, VDB Entry] http://www.vulnerability-lab.com/get_content.php?id=1687

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/539069/100/0/threaded

Scores

CVSS v3 5.4

EPSS 0.0047

EPSS Percentile 64.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-79

Status draft

Affected Products (25)

fortinet/fortimanager_firmware

fortinet/fortimanager_firmware

fortinet/fortimanager_firmware

fortinet/fortimanager_firmware

fortinet/fortimanager_firmware

fortinet/fortimanager_firmware

fortinet/fortimanager_firmware

fortinet/fortimanager_firmware

fortinet/fortimanager_firmware

fortinet/fortimanager_firmware

fortinet/fortimanager_firmware

fortinet/fortimanager_firmware

fortinet/fortimanager_firmware

fortinet/fortimanager_firmware

fortinet/fortianalyzer_firmware

... and 10 more

Timeline

Published Aug 05, 2016

Tracked Since Feb 18, 2026