An improper neutralization of input vulnerability [CWE-79] in FortiAnalyzer versions 6.4.3 and below, 6.2.7 and below and 6.0.10 and below may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the column settings of Logview in FortiAnalyzer, should the attacker be able to obtain that POST request, via other, hypothetical attacks.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://fortiguard.com/advisory/FG-IR-20-098 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: fortinet
Published: 2021-10-06T09:45:59
Updated: 2024-08-03T19:14:10.157Z
Reserved: 2021-01-13T00:00:00
Link: CVE-2021-24021
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-10-06T10:15:07.767
Modified: 2021-10-14T14:37:53.090
Link: CVE-2021-24021
Redhat
No data.