An improper neutralization of input vulnerability [CWE-79] in FortiAnalyzer versions 6.4.3 and below, 6.2.7 and below and 6.0.10 and below may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the column settings of Logview in FortiAnalyzer, should the attacker be able to obtain that POST request, via other, hypothetical attacks.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://fortiguard.com/advisory/FG-IR-20-098 |
History
Fri, 25 Oct 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: fortinet
Published: 2021-10-06T09:45:59
Updated: 2024-10-25T13:48:55.991Z
Reserved: 2021-01-13T00:00:00
Link: CVE-2021-24021
Vulnrichment
Updated: 2024-08-03T19:14:10.157Z
NVD
Status : Modified
Published: 2021-10-06T10:15:07.767
Modified: 2024-11-21T05:52:13.517
Link: CVE-2021-24021
Redhat
No data.