Anomaly Detection Parameter Name in Fortinet FortiWeb 6.0.5, 6.2.0


Overview :
An improper neutralization of input vulnerability in the Anomaly Detection interface of FortiWeb may allow a remote unauthenticated attacker to perform a cross-site scripting (XSS) attack via a parameter of the request. The flaw is in the Anomaly Detection Parameter Name and affects Fortinet FortiWeb 6.0.5, 6.2.0, and 6.1.1.
Affected Product(s) :
FortiWeb Versions 6.0.5 and below.

FortiWeb Versions 6.1.1 and below.

FortiWeb Version 6.2.0

Vulnerability Details :
CVE ID :

CVE-2019-16156

Solution :

Please upgrade to FortiWeb versions 6.0.6 or above

Please upgrade to FortiWeb versions 6.1.2 or above

Please upgrade to FortiWeb versions 6.2.1 or above
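
The affected and fixed versions above can be checked against an appliance inventory. The following is an added example, not Fortinet code: the inventory line format and hostnames are constructed, and treating branches older than 6.0 as covered by "6.0.5 and below" is an assumption about how to read the advisory.

```python
import re

# Fixed release per branch, from the Solution section of the advisory.
FIXED = {(6, 0): (6, 0, 6), (6, 1): (6, 1, 2), (6, 2): (6, 2, 1)}


def parse_version(text):
    """Return (major, minor, patch) from the first x.y.z token in text."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(p) for p in m.groups())


def triage(version_text):
    """Return (affected, minimum_fixed_version or None) for CVE-2019-16156."""
    v = parse_version(version_text)
    if v[:2] in FIXED:
        fixed = FIXED[v[:2]]
    elif v < (6, 0, 0):
        # Assumption: "6.0.5 and below" covers branches older than 6.0,
        # so the nearest listed fix is on the 6.0 branch.
        fixed = FIXED[(6, 0)]
    else:
        # Branches newer than 6.2 are not listed as affected on the page.
        return (False, None)
    if v < fixed:
        return (True, ".".join(map(str, fixed)))
    return (False, None)


def needs_upgrade(inventory_lines):
    """Map hostname -> fixed version for every affected appliance."""
    out = {}
    for line in inventory_lines:
        host, _, rest = line.partition(" ")
        affected, target = triage(rest)
        if affected:
            out[host] = target
    return out


# Constructed inventory; hostnames and line format are made up for the example.
SAMPLE = [
    "waf-edge-1 FortiWeb 6.0.5",
    "waf-edge-2 FortiWeb 6.1.2",
    "waf-dc-1 FortiWeb 6.2.0",
    "waf-lab-1 FortiWeb 5.9.1",
]

if __name__ == "__main__":
    for host, target in needs_upgrade(SAMPLE).items():
        print(f"{host}: affected, upgrade to {target} or above")
```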

Acknowledgement

Fortinet is pleased to thank Pablo Arriaga Perez from Government of Navarre and S21sec for reporting this vulnerability under responsible disclosure.

 
