FortiOS Local Security Checks : Fortinet FortiAnalyzer Persistent XSS Vulnerability (FG-IR-16-014)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.105815

Kategorie: FortiOS Local Security Checks

Titel: Fortinet FortiAnalyzer Persistent XSS Vulnerability (FG-IR-16-014)

Zusammenfassung: Fortinet FortiAnalyzer is prone to a cross-site scripting; (XSS) vulnerability.

Beschreibung: Summary:
Fortinet FortiAnalyzer is prone to a cross-site scripting
(XSS) vulnerability.

Vulnerability Insight:
When a low privileged user uploads images in the report
section, the filenames are not properly sanitized.

Affected Software/OS:
Fortinet FortiAnalyzer version 5.0.0 through 5.0.11 and 5.2.0
through 5.2.5.

Solution:
Update to FortiAnalyzer 5.2.6, 5.4.0 or later.

CVSS Score:
3.5

CVSS Vector:
AV:N/AC:M/Au:S/C:N/I:P/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2016-3196
BugTraq ID: 92203
http://www.securityfocus.com/bid/92203
Bugtraq: 20160801 Fortinet FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/539069/100/0/threaded
http://seclists.org/fulldisclosure/2016/Aug/4
http://www.vulnerability-lab.com/get_content.php?id=1687
http://www.securitytracker.com/id/1036550
http://www.securitytracker.com/id/1036551

Copyright Copyright (C) 2016 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.105815
Kategorie:	FortiOS Local Security Checks
Titel:	Fortinet FortiAnalyzer Persistent XSS Vulnerability (FG-IR-16-014)
Zusammenfassung:	Fortinet FortiAnalyzer is prone to a cross-site scripting; (XSS) vulnerability.
Beschreibung:	Summary: Fortinet FortiAnalyzer is prone to a cross-site scripting (XSS) vulnerability. Vulnerability Insight: When a low privileged user uploads images in the report section, the filenames are not properly sanitized. Affected Software/OS: Fortinet FortiAnalyzer version 5.0.0 through 5.0.11 and 5.2.0 through 5.2.5. Solution: Update to FortiAnalyzer 5.2.6, 5.4.0 or later. CVSS Score: 3.5 CVSS Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2016-3196 BugTraq ID: 92203 http://www.securityfocus.com/bid/92203 Bugtraq: 20160801 Fortinet FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability (Google Search) http://www.securityfocus.com/archive/1/539069/100/0/threaded http://seclists.org/fulldisclosure/2016/Aug/4 http://www.vulnerability-lab.com/get_content.php?id=1687 http://www.securitytracker.com/id/1036550 http://www.securitytracker.com/id/1036551
Copyright	Copyright (C) 2016 Greenbone AG