Test Kennung:	1.3.6.1.4.1.25623.1.0.809262
Kategorie:	FortiOS Local Security Checks
Titel:	Fortinet FortiAnalyzer Persistent XSS Vulnerability (FG-IR-16-014)
Zusammenfassung:	Fortinet Fortianalyzer is prone to a persistent cross-site; scripting (XSS) vulnerability.;; This VT has been deprecated and replaced by the VT 'Fortinet FortiAnalyzer Persistent XSS Vulnerability; (FG-IR-16-014)' (OID: 1.3.6.1.4.1.25623.1.0.105815).
Beschreibung:	Summary: Fortinet Fortianalyzer is prone to a persistent cross-site scripting (XSS) vulnerability. This VT has been deprecated and replaced by the VT 'Fortinet FortiAnalyzer Persistent XSS Vulnerability (FG-IR-16-014)' (OID: 1.3.6.1.4.1.25623.1.0.105815). Vulnerability Insight: The flaw exists When a low privileged user uploads images in the report section, the filenames are not properly sanitized. Vulnerability Impact: Successful exploitation will allow remote authenticated users to inject arbitrary web script. Affected Software/OS: Fortinet FortiAnalyzer version 5.0.0 through 5.0.11 and 5.2.0 through 5.2.5. Solution: Update to version 5.0.12, 5.2.6 or later. CVSS Score: 3.5 CVSS Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2016-3196 BugTraq ID: 92203 http://www.securityfocus.com/bid/92203 Bugtraq: 20160801 Fortinet FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability (Google Search) http://www.securityfocus.com/archive/1/539069/100/0/threaded http://seclists.org/fulldisclosure/2016/Aug/4 http://www.vulnerability-lab.com/get_content.php?id=1687 http://www.securitytracker.com/id/1036550 http://www.securitytracker.com/id/1036551
Copyright	Copyright (C) 2016 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.