CVE-2021-24021

An improper neutralization of input vulnerability [CWE-79] in FortiAnalyzer versions 6.4.3 and below, 6.2.7 and below and 6.0.10 and below may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the column settings of Logview in FortiAnalyzer, should the attacker be able to obtain that POST request, via other, hypothetical attacks.
References
Link Resource
https://fortiguard.com/advisory/FG-IR-20-098 Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*

Information

Published : 2021-10-06 10:15

Updated : 2021-10-14 02:37


NVD link : CVE-2021-24021

Mitre link : CVE-2021-24021

Products Affected
No products.
CWE