CVE-2015-8037: XSS
First published: Mon Nov 02 2015(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SOMVpnSSLPortalDialog or (2) FGDMngUpdHistory.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiManager | <=5.2.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2015-8037?
CVE-2015-8037 is considered a high severity vulnerability due to the potential for remote exploitation via cross-site scripting.
How do I fix CVE-2015-8037?
To fix CVE-2015-8037, upgrade Fortinet FortiManager to version 5.2.4 or later.
What are the consequences of exploiting CVE-2015-8037?
Exploiting CVE-2015-8037 could allow attackers to inject arbitrary web scripts or HTML, leading to data theft or session hijacking.
Which versions of FortiManager are affected by CVE-2015-8037?
CVE-2015-8037 affects FortiManager firmware versions prior to 5.2.4.
How can I mitigate the risks associated with CVE-2015-8037?
To mitigate risks from CVE-2015-8037, ensure that your FortiManager is updated to the latest firmware version and implement strict input validation.
- agent/type
- agent/softwarecombine
- agent/author
- agent/severity
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- vendor/fortinet
- canonical/fortinet fortimanager
- version/fortinet fortimanager/5.2.3