we track for your security since 1999

vulnerabilities

The Vigil@nce team watches vulnerabilities impacting your computers, and then offers solutions, a database and tools to correct them.

recent vulnerabilities

tracked products

RSS feed

vulnerability

vulnerability 10990

FortiAnalyzer: two Cross Site Scripting

Synthesis of the vulnerability

An attacker can use two Cross Site Scripting of FortiAnalyzer, in order to execute JavaScript code in the context of the web administration interface.
Impacted products: FortiAnalyzer, FortiAnalyzer Virtual Appliance.
Severity: 2/4.
Creation date: 14/09/2011.
Identifiers: BID-49593, VIGILANCE-VUL-10990, VL-ID 145.

Description of the vulnerability

Two vulnerabilities impact the web administration interface of FortiAnalyzer Centralized Reporting.

An attacker can inject persistent JavaScript code in the "Filter Value on Log Access IPS Attack" parameter. [severity:2/4]

An attacker can interact with the victim to inject JavaScript code in the "Edit Device Group" parameter. [severity:1/4]

An attacker can therefore use two Cross Site Scripting of FortiAnalyzer, in order to execute JavaScript code in the context of the web administration interface.
Complete Vigil@nce bulletin.... (free access)

Share this bulletin

Computer vulnerabilities tracking service

Vigil@nce provides software vulnerabilities analysis. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system.