FortiOS Local Security Checks : Fortinet FortiAnalyzer Multiple XSS Vulnerabilities (FG-IR-14-033)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.105200

Kategorie: FortiOS Local Security Checks

Titel: Fortinet FortiAnalyzer Multiple XSS Vulnerabilities (FG-IR-14-033)

Zusammenfassung: Fortinet FortiAnalyzer is prone to multiple cross-site-; scripting (XSS) vulnerabilities because it fails to properly sanitize user-supplied input.

Beschreibung: Summary:
Fortinet FortiAnalyzer is prone to multiple cross-site-
scripting (XSS) vulnerabilities because it fails to properly sanitize user-supplied input.

Vulnerability Impact:
An attacker may leverage these issues to execute arbitrary
script code in the browser of an unsuspecting user in the context of the affected site. This can
allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Affected Software/OS:
Fortinet FortiAnalyzer prior to version 5.0.7.

Solution:
Update to version 5.0.7 or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2014-2334
BugTraq ID: 70887
http://www.securityfocus.com/bid/70887
http://secunia.com/advisories/61309
XForce ISS Database: fortimanageranalyzer-cve20142334-xss(98477)
https://exchange.xforce.ibmcloud.com/vulnerabilities/98477
Common Vulnerability Exposure (CVE) ID: CVE-2014-2335
XForce ISS Database: fortimanageranalyzer-cve20142335-xss(98478)
https://exchange.xforce.ibmcloud.com/vulnerabilities/98478
Common Vulnerability Exposure (CVE) ID: CVE-2014-2336
BugTraq ID: 70889
http://www.securityfocus.com/bid/70889
XForce ISS Database: fortimanageranalyzer-cve20142336-xss(98479)
https://exchange.xforce.ibmcloud.com/vulnerabilities/98479

Copyright Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.105200
Kategorie:	FortiOS Local Security Checks
Titel:	Fortinet FortiAnalyzer Multiple XSS Vulnerabilities (FG-IR-14-033)
Zusammenfassung:	Fortinet FortiAnalyzer is prone to multiple cross-site-; scripting (XSS) vulnerabilities because it fails to properly sanitize user-supplied input.
Beschreibung:	Summary: Fortinet FortiAnalyzer is prone to multiple cross-site- scripting (XSS) vulnerabilities because it fails to properly sanitize user-supplied input. Vulnerability Impact: An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Affected Software/OS: Fortinet FortiAnalyzer prior to version 5.0.7. Solution: Update to version 5.0.7 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2014-2334 BugTraq ID: 70887 http://www.securityfocus.com/bid/70887 http://secunia.com/advisories/61309 XForce ISS Database: fortimanageranalyzer-cve20142334-xss(98477) https://exchange.xforce.ibmcloud.com/vulnerabilities/98477 Common Vulnerability Exposure (CVE) ID: CVE-2014-2335 XForce ISS Database: fortimanageranalyzer-cve20142335-xss(98478) https://exchange.xforce.ibmcloud.com/vulnerabilities/98478 Common Vulnerability Exposure (CVE) ID: CVE-2014-2336 BugTraq ID: 70889 http://www.securityfocus.com/bid/70889 XForce ISS Database: fortimanageranalyzer-cve20142336-xss(98479) https://exchange.xforce.ibmcloud.com/vulnerabilities/98479
Copyright	Copyright (C) 2015 Greenbone AG