PT-2020-5530 · Fortinet · Fortisiem

Published

2020-01-27

Updated

2020-01-29

CVE-2019-17651

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions FortiSIEM versions 5.2.5 and below

Description The issue is related to improper neutralization of input in the description and title parameters of a Device Maintenance Schedule. This could allow a remote attacker to conduct a Stored Cross Site Scripting attack by injecting malicious JavaScript code into the description field of a Device Maintenance schedule.

Recommendations For FortiSIEM versions 5.2.5 and below, consider restricting access to the Device Maintenance Schedule feature until a patch is available, and avoid using the description field for any input that may contain malicious code.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

BDU:2021-01047

CVE-2019-17651

Affected Products

Fortisiem

PT-2020-5530 · Fortinet · Fortisiem

CVE-2019-17651

Weakness Enumeration

Related Identifiers

Affected Products

References · 4