CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-5594

An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 68.4%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

https://fortiguard.com/advisory/FG-IR-19-140
https://fortiguard.com/advisory/FG-IR-19-140

Products affected by CVE-2019-5594

Fortinet » Fortinac » Version: 8.3.0

cpe:2.3:a:fortinet:fortinac:8.3.0
Fortinet » Fortinac » Version: 8.3.6

cpe:2.3:a:fortinet:fortinac:8.3.6
Fortinet » Fortinac » Version: 8.5.0

cpe:2.3:a:fortinet:fortinac:8.5.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-5594

Products

Pricing

Contact Us