CVE-2020-12817
24.09.2020, 15:15
An improper neutralization of input vulnerability in FortiAnalyzer before 6.4.1 and 6.2.5 may allow a remote authenticated attacker to inject script related HTML tags via Name parameter of Storage Connectors.
| Vendor | Product | Version |
|---|---|---|
| fortinet | fortianalyzer | 6.2.5 |
| fortinet | fortianalyzer | 6.4.0 |
| fortinet | fortianalyzer | 6.4.1 |
| fortinet | fortitester | 𝑥 ≤ 3.7.0 |
| fortinet | fortitester | 3.8.0 |
𝑥
= Vulnerable software versions