CVE-2020-6640

Summary

An improper neutralization of input vulnerability in the Admin Profile of FortiAnalyzer may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the Description Area.

Affected Software

VendorProductVersion RangeStatus
n/aFortinet FortiAnalyzerFortiAnalyzer 6.2.3, 6.2.2affected

Weaknesses

  • Execute unauthorized code or commands

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References