CVE-2019-16156

Summary

An Improper Neutralization of Input vulnerability in the Anomaly Detection Parameter Name in Fortinet FortiWeb 6.0.5, 6.2.0, and 6.1.1 may allow a remote unauthenticated attacker to perform a Cross Site Scripting attack (XSS).

Affected Software

VendorProductVersion RangeStatus
FortinetFortinet FortiWeb6.0.5affected
FortinetFortinet FortiWeb6.2.0affected
FortinetFortinet FortiWeb6.1.1affected

Weaknesses

  • Execute unauthorized code or commands

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References