Vulnerability Details CVE-2020-9288
An improper neutralization of input vulnerability in FortiWLC 8.5.1 allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the ESS profile or the Radius Profile.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.6%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
Products affected by CVE-2020-9288
-
cpe:2.3:a:fortinet:fortiwlc:6.1-2-29
-
cpe:2.3:a:fortinet:fortiwlc:6.1.3-6
-
cpe:2.3:a:fortinet:fortiwlc:6.1.4-0
-
cpe:2.3:a:fortinet:fortiwlc:7.0-10-0
-
cpe:2.3:a:fortinet:fortiwlc:7.0-9-1
-
cpe:2.3:a:fortinet:fortiwlc:7.0.11
-
cpe:2.3:a:fortinet:fortiwlc:7.0.13
-
cpe:2.3:a:fortinet:fortiwlc:7.0.14
-
cpe:2.3:a:fortinet:fortiwlc:8.0-5-0
-
cpe:2.3:a:fortinet:fortiwlc:8.0-6-0
-
cpe:2.3:a:fortinet:fortiwlc:8.0.5
-
cpe:2.3:a:fortinet:fortiwlc:8.0.6
-
cpe:2.3:a:fortinet:fortiwlc:8.1-2-0
-
cpe:2.3:a:fortinet:fortiwlc:8.1-3-0
-
cpe:2.3:a:fortinet:fortiwlc:8.1-3-2
-
cpe:2.3:a:fortinet:fortiwlc:8.1.0
-
cpe:2.3:a:fortinet:fortiwlc:8.1.2
-
cpe:2.3:a:fortinet:fortiwlc:8.1.3
-
cpe:2.3:a:fortinet:fortiwlc:8.2-4-0
-
cpe:2.3:a:fortinet:fortiwlc:8.2.4
-
cpe:2.3:a:fortinet:fortiwlc:8.2.6
-
cpe:2.3:a:fortinet:fortiwlc:8.2.7
-
cpe:2.3:a:fortinet:fortiwlc:8.3.0
-
cpe:2.3:a:fortinet:fortiwlc:8.3.1
-
cpe:2.3:a:fortinet:fortiwlc:8.3.2
-
cpe:2.3:a:fortinet:fortiwlc:8.3.3
-
cpe:2.3:a:fortinet:fortiwlc:8.4.0
-
cpe:2.3:a:fortinet:fortiwlc:8.4.1
-
cpe:2.3:a:fortinet:fortiwlc:8.4.2
-
cpe:2.3:a:fortinet:fortiwlc:8.4.3
-
cpe:2.3:a:fortinet:fortiwlc:8.4.4
-
cpe:2.3:a:fortinet:fortiwlc:8.4.5
-
cpe:2.3:a:fortinet:fortiwlc:8.4.6
-
cpe:2.3:a:fortinet:fortiwlc:8.4.7
-
cpe:2.3:a:fortinet:fortiwlc:8.4.8
-
cpe:2.3:a:fortinet:fortiwlc:8.5.0
-
cpe:2.3:a:fortinet:fortiwlc:8.5.1