Test Kennung:	1.3.6.1.4.1.25623.1.0.105815
Kategorie:	FortiOS Local Security Checks
Titel:	Fortinet FortiAnalyzer Persistent XSS Vulnerability (FG-IR-16-014)
Zusammenfassung:	Fortinet FortiAnalyzer is prone to a cross-site scripting (XSS); vulnerability.
Beschreibung:	Summary: Fortinet FortiAnalyzer is prone to a cross-site scripting (XSS) vulnerability. Vulnerability Insight: When a low privileged user uploads images in the report section, the filenames are not properly sanitized. Affected Software/OS: FortiAnalyzer version 5.0.0 through 5.0.11 and 5.2.0 through 5.2.5. Solution: Update to FortiAnalyzer 5.2.6, 5.4.0 or later. CVSS Score: 3.5 CVSS Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2016-3196 BugTraq ID: 92203 http://www.securityfocus.com/bid/92203 Bugtraq: 20160801 Fortinet FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability (Google Search) http://www.securityfocus.com/archive/1/539069/100/0/threaded http://seclists.org/fulldisclosure/2016/Aug/4 http://www.vulnerability-lab.com/get_content.php?id=1687 http://www.securitytracker.com/id/1036550 http://www.securitytracker.com/id/1036551
Copyright	Copyright (C) 2016 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.