An Improper Neutralization of Input vulnerability in the description and title parameters of a Device Maintenance Schedule in FortiSIEM version 5.2.5 and below may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious JavaScript code into the description field of a Device Maintenance schedule.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://fortiguard.com/psirt/FG-IR-19-197 |
History
Fri, 25 Oct 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: fortinet
Published: 2020-01-28T00:44:30
Updated: 2024-10-25T14:03:59.971Z
Reserved: 2019-10-16T00:00:00
Link: CVE-2019-17651
Vulnrichment
Updated: 2024-08-05T01:47:13.641Z
NVD
Status : Modified
Published: 2020-01-28T01:15:11.050
Modified: 2024-11-21T04:32:42.353
Link: CVE-2019-17651
Redhat
No data.