Vulnerability Description
Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an image uploaded in the report section.
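The description above is the whole of what this record says about the bug. As an added illustration, not code from Fortinet or from this advisory, the Python below shows the pattern it describes: a report page that concatenates a stored upload filename into its HTML, next to a hardened version that allowlists filenames at upload time and encodes them per output context, plus a post-patch sweep over already-stored names. The function names, the sample filenames and the `/report/images/` path are assumptions made for the example.

```python
import html
import re
from urllib.parse import quote

# Constructed sample inputs (not taken from the advisory): a benign report image
# name and one carrying markup, as an authenticated report author could supply.
BENIGN_FILENAME = "q3-traffic-summary.png"
MALICIOUS_FILENAME = '<img src=x onerror="alert(document.cookie)">.png'

# Hypothetical storage location used for the example's <img src> attribute.
IMAGE_BASE_PATH = "/report/images/"


def render_report_image_vulnerable(filename: str) -> str:
    """Vulnerable pattern: the stored filename is dropped straight into the
    report's HTML. Any markup in it is parsed by the browser of whoever views
    the report later, which is what makes this a stored (persistent) XSS."""
    return (
        f'<figure><img src="{IMAGE_BASE_PATH}{filename}">'
        f"<figcaption>{filename}</figcaption></figure>"
    )


# Allowlist for upload-time validation: alphanumerics, dot, dash, underscore,
# a bounded length and an image extension. Rejecting early keeps markup out of
# the database entirely, so it can never reach a report page.
SAFE_FILENAME = re.compile(
    r"^[A-Za-z0-9][A-Za-z0-9._-]{0,127}\.(?:png|jpe?g|gif)$", re.IGNORECASE
)


def validate_upload_filename(filename: str) -> str:
    """Raise ValueError for any filename outside the allowlist; return it unchanged otherwise."""
    if not SAFE_FILENAME.fullmatch(filename):
        raise ValueError(f"rejected image filename: {filename!r}")
    return filename


def render_report_image_hardened(filename: str) -> str:
    """Hardened pattern: encode for each context the value lands in.
    The src attribute gets a URL-encoded path that is then HTML-escaped; the
    caption is HTML-escaped. Output encoding is applied even to allowlisted
    names, so a gap in validation (or a legacy name already stored before the
    fix) does not become script execution."""
    src = html.escape(IMAGE_BASE_PATH + quote(filename, safe=""), quote=True)
    caption = html.escape(filename, quote=True)
    return f'<figure><img src="{src}"><figcaption>{caption}</figcaption></figure>'


def find_suspicious_filenames(stored_names):
    """Post-patch check: return the stored filenames that fail the allowlist,
    i.e. those that could have been planted before the fix and should be
    renamed or removed from existing reports."""
    return [name for name in stored_names if not SAFE_FILENAME.fullmatch(name)]


if __name__ == "__main__":
    print("vulnerable:", render_report_image_vulnerable(MALICIOUS_FILENAME))
    print("hardened:  ", render_report_image_hardened(MALICIOUS_FILENAME))
    print("flagged:   ", find_suspicious_filenames([BENIGN_FILENAME, MALICIOUS_FILENAME]))
```

Run it and compare the two rendered strings: in the vulnerable output the injected `<img ... onerror=...>` appears verbatim inside the caption and breaks out of the `src` attribute, while in the hardened output it survives only as `%3C...` in the attribute and `&lt;...` in the caption. The allowlist check is the fix; the output encoding is the defence in depth that also covers filenames stored before upgrading to a fixed release.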
CVSS Score
5.4 (MEDIUM)
Affected Products
| Vendor | Product | Versions (as listed in the record) |
|---|---|---|
| Fortinet | FortiManager firmware | 5.0.3 |
| Fortinet | FortiAnalyzer firmware | 5.0.0 |
The table shows only the product entries attached to the record; the authoritative affected range is the one in the description above (FortiAnalyzer and FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6).
Related Weaknesses (CWE)
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
References
- http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vul (Vendor Advisory)
- http://seclists.org/fulldisclosure/2016/Aug/4 (Third Party Advisory, VDB Entry)
- http://www.securityfocus.com/archive/1/539069/100/0/threaded
- http://www.securityfocus.com/bid/92203 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1036550
- http://www.securitytracker.com/id/1036551 (Third Party Advisory, VDB Entry)
- http://www.vulnerability-lab.com/get_content.php?id=1687 (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2016-3196?
CVE-2016-3196 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 allows remote authenticated users ...
How severe is CVE-2016-3196?
CVE-2016-3196 has been rated MEDIUM with a CVSS base score of 5.4/10. Exploitation requires an authenticated user who can upload an image in the report section, but the injected filename is stored, so the payload runs in the browser of any user who later views the affected report (the vendor advisory describes it as persistent XSS).
Is there a patch for CVE-2016-3196?
Yes. Per the description, the issue is fixed in FortiAnalyzer 5.0.12 and 5.2.6 and in FortiManager 5.0.12 and 5.2.6; see the FortiGuard vendor advisory in the references above. Affected products: Fortinet FortiManager firmware and Fortinet FortiAnalyzer firmware.