Total vulnerabilities in the database
Multiple improper neutralization of input during web page generation (CWE-79) in FortiManager and FortiAnalyzer versions 7.0.0, 6.4.5 and below, 6.2.7 and below user interface, may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious payload in GET parameters.
| Software | From | Fixed in |
|---|---|---|
| fortinet / fortimanager | 6.4.0 | 6.4.6 |
| fortinet / fortianalyzer | 6.4.0 | 6.4.6 |
| fortinet / fortianalyzer | 7.0.0 | 7.0.1 |
| fortinet / fortimanager | 7.0.0 | 7.0.1 |
| fortinet / fortianalyzer | - | 6.2.8 |
| fortinet / fortimanager | - | 6.2.8 |