CVE-2014-2336: XSS
First published: Fri Oct 31 2014(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2334 and CVE-2014-2335.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiManager | <=5.0.6 | |
| Fortinet Fortianalyzer Firmware | <=5.0.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-2336?
CVE-2014-2336 has a high severity rating due to the potential for remote code execution through cross-site scripting.
How do I fix CVE-2014-2336?
To fix CVE-2014-2336, upgrade FortiManager to version 5.0.7 or later and FortiAnalyzer to version 5.0.7 or later.
What are the potential impacts of CVE-2014-2336?
CVE-2014-2336 allows attackers to inject arbitrary web scripts or HTML, potentially leading to data theft and session hijacking.
What systems are affected by CVE-2014-2336?
CVE-2014-2336 affects Fortinet FortiManager versions up to 5.0.6 and FortiAnalyzer firmware versions up to 5.0.6.
Are there any known exploits for CVE-2014-2336?
Yes, there are known exploitation techniques for CVE-2014-2336 that utilize cross-site scripting vulnerabilities.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/fortinet
- canonical/fortinet fortimanager
- version/fortinet fortimanager/5.0.6
- canonical/fortinet fortianalyzer firmware
- version/fortinet fortianalyzer firmware/5.0.6