Vulnerability Details CVE-2014-2336
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2334 and CVE-2014-2335.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 48.8%
CVSS Severity
CVSS v2 Score 4.3
References
- http://secunia.com/advisories/61309
- http://www.fortiguard.com/advisory/FG-IR-14-033/
- http://www.securityfocus.com/bid/70889
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98479
- http://secunia.com/advisories/61309
- http://www.fortiguard.com/advisory/FG-IR-14-033/
- http://www.securityfocus.com/bid/70889
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98479
Products affected by CVE-2014-2336
-
cpe:2.3:h:fortinet:fortimanager:*
-
cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.0
-
cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.1
-
cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.4
-
cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.5