PT-2021-30879 · Fortinet · FortiOS

Published: 2021-09-07 · Updated: 2025-07-23 · CVE-2019-16151

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: FortiOS versions 6.4.1 and below; FortiOS versions 6.2.9 and below

Description: The issue allows a remote unauthenticated attacker to either redirect users to malicious websites via a crafted Host header or to execute JavaScript code in the victim's browser context. The issue is exposed when the FortiGate has web filtering and category override enabled or configured.

Recommendations: For FortiOS versions 6.4.1 and below, update to a version above 6.4.1 to resolve the issue. For FortiOS versions 6.2.9 and below, update to a version above 6.2.9 to resolve the issue. As a temporary workaround, consider disabling web filtering and category override on the FortiGate until a patch is available.

Weakness Enumeration: XSS

Related Identifiers: CVE-2019-16151

Affected Products: FortiOS