CVE-2014-2336

Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2334 and CVE-2014-2335.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
VendorProductVersion
fortinetfortimanager
𝑥
≤ 5.0.6
fortinetfortianalyzer_firmware
𝑥
≤ 5.0.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/61309
http://www.fortiguard.com/advisory/FG-IR-14-033/
http://www.securityfocus.com/bid/70889
https://exchange.xforce.ibmcloud.com/vulnerabilities/98479
http://secunia.com/advisories/61309
http://www.fortiguard.com/advisory/FG-IR-14-033/
http://www.securityfocus.com/bid/70889
https://exchange.xforce.ibmcloud.com/vulnerabilities/98479