Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiPortal versions 6.0.0 through 6.0.11 and all versions of 5.3, 5.2, 5.1, 5.0 management interface may allow a remote authenticated attacker to perform a stored cross site scripting (XSS) attack via sending request with specially crafted columnindex parameter.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Fortinet FortiPortal 跨站脚本漏洞
Vulnerability Description
Fortinet FortiPortal是美国飞塔(Fortinet)公司的FortiGate、FortiWiFi 和 FortiAP 产品线的高级、功能丰富的托管安全分析和管理支持工具,可作为虚拟机供 MSP 使用。 FortiPortal若干版本存在安全漏洞,该漏洞源于其管理接口的无效输入可能会允许经过身份验证的远程攻击者通过发送带有特制柱索引参数的请求来执行存储型跨站脚本。以下版本受到影响:6.0.0至6.0.11版本和5.3、5.2、5.1、5.0的所有版本。
CVSS Information
N/A
Vulnerability Type
N/A