An Improper Neutralization of Script-Related HTML Tags in Fortinet FortiAnalyzer 5.6.0 and below and FortiManager 5.6.0 and below allows an attacker to send DHCP request containing malicious scripts in the HOSTNAME parameter. The malicious script code is executed while viewing the logs in FortiAnalyzer and FortiManager (with FortiAnalyzer feature enabled).
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://fortiguard.com/advisory/FG-IR-18-121 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: fortinet
Published: 2019-05-28T18:33:52
Updated: 2024-08-05T09:00:34.947Z
Reserved: 2018-07-06T00:00:00
Link: CVE-2018-13375
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2019-05-28T19:29:00.597
Modified: 2019-05-30T15:19:19.737
Link: CVE-2018-13375
Redhat
No data.