A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows attacker to execute unauthorized code or commands via specially crafted http requests.
oryginał ENCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HFortinet Fortinac
APPFortinet8.3.79.4.08.7.0 – 8.7.68.8.0 – 8.8.118.5.0 – 8.5.49.2.0 – 9.2.59.1.0 – 9.1.88.6.0 – 8.6.5
Powiązane podatności
A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier...
An improper authorization vulnerability [CWE-285] in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before...
A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 throug...
An improper permissions, privileges, and access controls vulnerability [CWE-264] in FortiNAC-F 7.2.0, FortiNAC...
An access control vulnerability [CWE-284] in FortiNAC version 9.4.2 and below, version 9.2.7 and below, 9.1 al...