Home

CVE-2016-3196

Description

Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an image uploaded in the report section.

Risk Information

Base Score
5.4
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.468

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2016-3194 ,CVE-2016-3195 ,CVE-2016-3196 are affected in fortianalyzer_firmware 5.2.5NCM
Vulnerabilities CVE-2016-3194 ,CVE-2016-3195 ,CVE-2016-3196 are affected in fortimanager_firmware 5.2.5NCM
Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability (CVE-2016-3196)NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234