ID de Prueba:	1.3.6.1.4.1.25623.1.0.105865
Categoría:	FortiOS Local Security Checks
Título:	Fortinet FortiManager Multiple XSS Vulnerabilities (FG-IR-16-015, FG-IR-16-016, FG-IR-16-017)
Resumen:	FortiManager is prone to multiple cross-site scripting (XSS); vulnerabilities.
Descripción:	Summary: FortiManager is prone to multiple cross-site scripting (XSS) vulnerabilities. Vulnerability Insight: The following flaws exist: - An XSS vulnerability in FortiManager/FortiAnalyzer could allow privileged guest user accounts and restricted user accounts to inject malicious script to the application-side or client-side of the appliance web-application. This potentially enables XSS attacks. - A vulnerability in FortiManager/FortiAnalyzer address added page could allow malicious script being injected in the input field. This potentially enables XSS attacks. - A client side XSS vulnerability in FortiManager/FortiAnalyzer could allow malicious script being injected in the Web-UI. This potentially enables XSS attacks. Affected Software/OS: FortiManager version 5.0.0 through 5.0.11, 5.2.0 through 5.2.5 and 5.4.0. Solution: Update to version 5.0.12, 5.2.6, 5.4.0 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-3195 BugTraq ID: 92453 http://www.securityfocus.com/bid/92453 http://www.securitytracker.com/id/1036550 Common Vulnerability Exposure (CVE) ID: CVE-2016-3194 BugTraq ID: 92456 http://www.securityfocus.com/bid/92456 Common Vulnerability Exposure (CVE) ID: CVE-2016-3193 BugTraq ID: 92458 http://www.securityfocus.com/bid/92458
Copyright	Copyright (C) 2016 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.