CVE-2015-3612: XSS
First published: Tue Feb 04 2020(Updated: )
A Cross-site Scripting (XSS) vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier via an unspecified parameter in the FortiWeb auto update service page.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiManager | >=5.0.0<=5.0.10 | |
| Fortinet FortiManager | >=5.2.0<=5.2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this XSS vulnerability?
The vulnerability ID for this XSS vulnerability is CVE-2015-3612.
What is the severity of CVE-2015-3612?
The severity of CVE-2015-3612 is medium with a CVSS score of 5.4.
Which software versions are affected by CVE-2015-3612?
FortiManager versions 5.2.1 and earlier, and 5.0.10 and earlier, are affected by CVE-2015-3612.
How does the XSS vulnerability in FortiManager work?
The XSS vulnerability in FortiManager occurs through an unspecified parameter in the FortiWeb auto update service page.
Is there a fix available for CVE-2015-3612?
Yes, Fortinet has released a security advisory with a fix for CVE-2015-3612. It is recommended to update to the latest patched version of FortiManager.
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/fortinet
- canonical/fortinet fortimanager
- version/fortinet fortimanager/5.0.0
- version/fortinet fortimanager/5.0.10
- version/fortinet fortimanager/5.2.0
- version/fortinet fortimanager/5.2.1