CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-26087

An improper neutralization of input during web page generation in FortiWLC version 8.6.0, version 8.5.3 and below, version 8.4.8 and below, version 8.3.3 web interface may allow both authenticated remote attackers and non-authenticated attackers in the same network as the appliance to perform a stored cross site scripting attack (XSS) via injecting malicious payloads in different locations.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 17.4%

CVSS Severity

CVSS v3 Score 4.3

References

https://fortiguard.fortinet.com/psirt/FG-IR-20-137

Products affected by CVE-2021-26087

Fortinet » Fortiwlc » Version: 8.3.3

cpe:2.3:a:fortinet:fortiwlc:8.3.3
Fortinet » Fortiwlc » Version: 8.4.0

cpe:2.3:a:fortinet:fortiwlc:8.4.0
Fortinet » Fortiwlc » Version: 8.4.1

cpe:2.3:a:fortinet:fortiwlc:8.4.1
Fortinet » Fortiwlc » Version: 8.4.2

cpe:2.3:a:fortinet:fortiwlc:8.4.2
Fortinet » Fortiwlc » Version: 8.4.4

cpe:2.3:a:fortinet:fortiwlc:8.4.4
Fortinet » Fortiwlc » Version: 8.4.5

cpe:2.3:a:fortinet:fortiwlc:8.4.5
Fortinet » Fortiwlc » Version: 8.4.6

cpe:2.3:a:fortinet:fortiwlc:8.4.6
Fortinet » Fortiwlc » Version: 8.4.7

cpe:2.3:a:fortinet:fortiwlc:8.4.7
Fortinet » Fortiwlc » Version: 8.4.8

cpe:2.3:a:fortinet:fortiwlc:8.4.8
Fortinet » Fortiwlc » Version: 8.5.0

cpe:2.3:a:fortinet:fortiwlc:8.5.0
Fortinet » Fortiwlc » Version: 8.5.1

cpe:2.3:a:fortinet:fortiwlc:8.5.1
Fortinet » Fortiwlc » Version: 8.5.2

cpe:2.3:a:fortinet:fortiwlc:8.5.2
Fortinet » Fortiwlc » Version: 8.5.3

cpe:2.3:a:fortinet:fortiwlc:8.5.3
Fortinet » Fortiwlc » Version: 8.6.0

cpe:2.3:a:fortinet:fortiwlc:8.6.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-26087

Products

Pricing

Contact Us