Back to search
CVE-2019-17651
Published: Jan 28, 2020
Modified: Oct 25, 2024
PUBLISHED
Description
An Improper Neutralization of Input vulnerability in the description and title parameters of a Device Maintenance Schedule in FortiSIEM version 5.2.5 and below may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious JavaScript code into the description field of a Device Maintenance schedule.
| Vendor | Product | Versions |
|---|---|---|
Fortinet | Fortinet FortiSIEM | affected FortiSIEM version 5.2.5 and below |
References
https://fortiguard.com/psirt/FG-IR-19-197
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now