The URL part of the report message is not encoded in Fortinet FortiWeb 6.0.2 and below which may allow an attacker to execute unauthorized code or commands (Cross Site Scripting) via attack reports generated in HTML form.
Metrics
Affected Vendors & Products
References
History
Fri, 25 Oct 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: fortinet
Published: 2019-08-28T16:45:15
Updated: 2024-10-25T14:05:31.381Z
Reserved: 2019-01-07T00:00:00
Link: CVE-2019-5590
Vulnrichment
Updated: 2024-08-04T20:01:51.427Z
NVD
Status : Modified
Published: 2019-08-28T17:15:09.917
Modified: 2024-11-21T04:45:11.340
Link: CVE-2019-5590
Redhat
No data.