Test ID:	1.3.6.1.4.1.25623.1.0.805640
Category:	FortiOS Local Security Checks
Title:	Fortinet FortiAnalyzer Reflected XSS Vulnerability (FG-IR-15-005)
Summary:	Fortinet FortiAnalyzer is prone to a reflected cross-site; scripting (XSS) vulnerability.
Description:	Summary: Fortinet FortiAnalyzer is prone to a reflected cross-site scripting (XSS) vulnerability. Vulnerability Insight: The flaw exists due to the vulnerability in the advanced dataset reports page in Fortinet FortiAnalyzer. Vulnerability Impact: Successful exploitation will allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. Affected Software/OS: Fortinet FortiAnalyzer version 5.0.0 through 5.0.10 and 5.2.0 through 5.2.1. Solution: Update to version 5.0.11, 5.2.2 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-3620 BugTraq ID: 74646 http://www.securityfocus.com/bid/74646 Bugtraq: 20150505 Fortinet FortiAnalyzer & FortiManager - Client Side Cross Site Scripting Vulnerability (Google Search) http://www.securityfocus.com/archive/1/535452/100/0/threaded http://seclists.org/fulldisclosure/2015/May/13 http://packetstormsecurity.com/files/131766/Fortinet-FortiAnalyzer-FortiManager-Cross-Site-Scripting.html http://www.securitytracker.com/id/1032262
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.