Free Trial

Web Application Firewall

Anomaly Detection Parameter Name in Fortinet FortiWeb 6.0.5, 6.2.0

[vc_row][vc_column][vc_column_text]

Overview :

An improper neutralization of input vulnerability in the Anomaly Detection interface of FortiWeb may allow a remote unauthenticated attacker to perform a cross site scripting attack (XSS) via a parameter of the request.An Improper Neutralization of Input vulnerability in the Anomaly Detection Parameter Name in Fortinet FortiWeb 6.0.5, 6.2.0, and 6.1.1 may allow a remote unauthenticated attacker to perform a Cross Site Scripting attack (XSS).

Affected Product(s) :

FortiWeb Versions 6.0.5 and below.

FortiWeb Versions 6.1.1 and below.

FortiWeb Version 6.2.0

Vulnerability Details :

CVE ID :

CVE-2019-16156

Solution :

Please upgrade to FortiWeb versions 6.0.6 or above

Please upgrade to FortiWeb versions 6.1.2 or above

Please upgrade to FortiWeb versions 6.2.1 or above

Acknowledgement

Fortinet is pleased to thank Pablo Arriaga Perez from Government of Navarre and S21sec for reporting this vulnerability under responsible disclosure.

[/vc_column_text][/vc_column][/vc_row]

Recent Posts

CVE-2022-31813 : Apache HTTP Server: mod_proxy X-Forwarded-For Dropped By Hop-by-hop Mechanism

CVE-2022-31813 : Apache HTTP Server: mod_proxy X-Forwarded-For Dropped By Hop-by-hop Mechanism

CVE-2022-31649 : Information Disclosure In Settings UI And API Responses

CVE-2022-31649 : Information Disclosure In Settings UI And API Responses

CVE-2017-20036 : PHPLIST 3.2.6 BOUNCE RULE /LISTS/ADMIN/ PERSISTENT CROSS SITE SCRITING

CVE-2017-20036 : PHPLIST 3.2.6 BOUNCE RULE /LISTS/ADMIN/ PERSISTENT CROSS SITE SCRITING

Follow Us

zzcms 2018 template_user.php ml/title code injection

August 26, 2021 No Comments

A vulnerability was found in zzcms 2018 (Content Management System) and classified as critical. This issue affects an unknown function

ZyXEL VPN2S 1.12 Web Server path traversal

September 29, 2021 No Comments

A vulnerability classified as problematic was found in ZyXEL VPN2S 1.12. Affected by this vulnerability is an unknown part of

Zyxel VPN2S 1.12 CGI Program os command injection

September 29, 2021 No Comments

A vulnerability has been found in Zyxel VPN2S 1.12 and classified as critical. This vulnerability affects some unknown processing of

Zyxel USG/USG Flex/Zywall/ATP/VPN up to 4.64 Web-based Management Interface improper authentication

July 2, 2021 No Comments

A vulnerability was found in Zyxel USG, USG Flex, Zywall, ATP and VPN up to 4.64 (Firewall Software). It has

ZyXEL GS1900-8 2.60 LLDP Packet cross site scripting

July 26, 2021 No Comments

A vulnerability was found in ZyXEL GS1900-8 2.60. It has been classified as problematic. This affects an unknown code of

Zynamics BinDiff up to 6 i64 File use after free

June 30, 2021 No Comments

A vulnerability, which was classified as critical, has been found in Zynamics BinDiff up to 6. This issue affects an

Web Application Firewall Solution

Prevention Of Attacks On Government Industry

Prevention Of Attacks On Government Industry

June 7, 2023 No Comments

Prophaze’s Prevention of Attacks on the Government Industry It is crucial for government agencies that depend on digital infrastructure to

CVE-2023-29632 : JMSPAGEBUILDER 3.X ON PRESTASHOP AJAX_JMSPAGEBUILDER.PHP SQL INJECTION

CVE-2023-29632 : JMSPAGEBUILDER 3.X ON PRESTASHOP AJAX_JMSPAGEBUILDER.PHP SQL INJECTION

June 7, 2023 No Comments

Description PrestaShop jmspagebuilder 3.x is vulnerable to SQL Injection via ajax_jmspagebuilder.php. References https://friends-of-presta.github.io/security-advisories/modules/2023/03/13/jmspagebuilder.html For More Information MITRE

CVE-2023-3065 : MOBATIME AMXGT100 UP TO 1.3.20 IMPROPER AUTHENTICATION

CVE-2023-3065 : MOBATIME AMXGT100 UP TO 1.3.20 IMPROPER AUTHENTICATION

June 6, 2023 No Comments

Description Improper Authentication vulnerability in Mobatime mobile application AMXGT100 allows Authentication Bypass.This issue affects Mobatime mobile application AMXGT100 through 1.3.20.