CVE-2021-24021
MEDIUMFortiAnalyzer < 6.2.8 - Authenticated Stored Cross-Site Scripting via Logview Column Settings
Title source: llmDescription
An improper neutralization of input vulnerability [CWE-79] in FortiAnalyzer versions 6.4.3 and below, 6.2.7 and below and 6.0.10 and below may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the column settings of Logview in FortiAnalyzer, should the attacker be able to obtain that POST request, via other, hypothetical attacks.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://fortiguard.com/advisory/FG-IR-20-098
Scores
CVSS v3
4.3
EPSS
0.0019
EPSS Percentile
40.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (1)
fortinet/fortianalyzer
6.0.0 - 6.2.8
Published
Oct 06, 2021
Tracked Since
Feb 18, 2026