CVE-2014-2336

medium

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2334 and CVE-2014-2335.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/98479

http://www.securityfocus.com/bid/70889

http://www.fortiguard.com/advisory/FG-IR-14-033/

http://secunia.com/advisories/61309

Details

Source: Mitre, NVD

Published: 2014-10-31

Updated: 2017-08-29

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium