PT-2021-9845 · Fortinet · Forticlientems

Published: 2021-11-02 · Updated: 2021-11-04 · CVE-2020-15940

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

FortiClientEMS versions 6.4.1 and below

FortiClientEMS versions 6.2.9 and below

Description

An improper neutralization of input issue may allow a remote authenticated attacker to inject malicious script/tags via the name parameter of various sections of the server.

Recommendations

For FortiClientEMS versions 6.4.1 and below, and for FortiClientEMS versions 6.2.9 and below, consider restricting access to the name parameter in the affected sections of the server until a patch is available.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2020-15940

Affected Products

Forticlientems