CVE-2014-2336

MEDIUM

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2334 and CVE-2014-2335.

References

http://secunia.com/advisories/61309

http://www.fortiguard.com/advisory/FG-IR-14-033/

http://www.securityfocus.com/bid/70889

https://exchange.xforce.ibmcloud.com/vulnerabilities/98479

Details

Source: MITRE

Published: 2014-10-31

Updated: 2017-08-29

Type: CWE-79

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM