ID de Prueba:	1.3.6.1.4.1.25623.1.0.809262
Categoría:	FortiOS Local Security Checks
Título:	Fortinet FortiAnalyzer Persistent XSS Vulnerability (FG-IR-16-014)
Resumen:	Fortinet Fortianalyzer is prone to a persistent cross-site; scripting (XSS) vulnerability.;; This VT has been replaced by the VT 'Fortinet FortiAnalyzer Persistent XSS Vulnerability; (FG-IR-16-014)' (OID: 1.3.6.1.4.1.25623.1.0.105815).
Descripción:	Summary: Fortinet Fortianalyzer is prone to a persistent cross-site scripting (XSS) vulnerability. This VT has been replaced by the VT 'Fortinet FortiAnalyzer Persistent XSS Vulnerability (FG-IR-16-014)' (OID: 1.3.6.1.4.1.25623.1.0.105815). Vulnerability Insight: The flaw exists When a low privileged user uploads images in the report section, the filenames are not properly sanitized. Vulnerability Impact: Successful exploitation will allow remote authenticated users to inject arbitrary web script. Affected Software/OS: Fortinet FortiAnalyzer version 5.0.0 through 5.0.11 and 5.2.0 through 5.2.5. Solution: Update to version 5.0.12, 5.2.6 or later. CVSS Score: 3.5 CVSS Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Referencia Cruzada:	BugTraq ID: 92265 Common Vulnerability Exposure (CVE) ID: CVE-2016-3196 BugTraq ID: 92203 http://www.securityfocus.com/bid/92203 Bugtraq: 20160801 Fortinet FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability (Google Search) http://www.securityfocus.com/archive/1/539069/100/0/threaded http://seclists.org/fulldisclosure/2016/Aug/4 http://www.vulnerability-lab.com/get_content.php?id=1687 http://www.securitytracker.com/id/1036550 http://www.securitytracker.com/id/1036551
Copyright	Copyright (C) 2016 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.