CVE-2016-3194: XSS
First published: Fri Aug 19 2016(Updated: )
Cross-site scripting (XSS) vulnerability in the address added page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiManager | =5.0.0 | |
| Fortinet FortiManager | =5.0.1 | |
| Fortinet FortiManager | =5.0.2 | |
| Fortinet FortiManager | =5.0.3 | |
| Fortinet FortiManager | =5.0.4 | |
| Fortinet FortiManager | =5.0.5 | |
| Fortinet FortiManager | =5.0.6 | |
| Fortinet FortiManager | =5.0.7 | |
| Fortinet FortiManager | =5.0.8 | |
| Fortinet FortiManager | =5.0.9 | |
| Fortinet FortiManager | =5.0.10 | |
| Fortinet FortiManager | =5.0.11 | |
| Fortinet FortiManager | =5.2.0 | |
| Fortinet FortiManager | =5.2.1 | |
| Fortinet FortiManager | =5.2.2 | |
| Fortinet FortiManager | =5.2.3 | |
| Fortinet FortiManager | =5.2.4 | |
| Fortinet FortiManager | =5.2.5 | |
| Fortinet FortiAnalyzer | =5.0.0 | |
| Fortinet FortiAnalyzer | =5.0.2 | |
| Fortinet FortiAnalyzer | =5.0.3 | |
| Fortinet FortiAnalyzer | =5.0.4 | |
| Fortinet FortiAnalyzer | =5.0.5 | |
| Fortinet FortiAnalyzer | =5.0.6 | |
| Fortinet FortiAnalyzer | =5.0.7 | |
| Fortinet FortiAnalyzer | =5.0.8 | |
| Fortinet FortiAnalyzer | =5.0.9 | |
| Fortinet FortiAnalyzer | =5.0.10 | |
| Fortinet FortiAnalyzer | =5.0.11 | |
| Fortinet FortiAnalyzer | =5.0.12 | |
| Fortinet FortiAnalyzer | =5.2.0 | |
| Fortinet FortiAnalyzer | =5.2.1 | |
| Fortinet FortiAnalyzer | =5.2.2 | |
| Fortinet FortiAnalyzer | =5.2.3 | |
| Fortinet FortiAnalyzer | =5.2.4 | |
| Fortinet FortiAnalyzer | =5.2.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-3194?
CVE-2016-3194 is classified as a high severity cross-site scripting (XSS) vulnerability.
Which versions are affected by CVE-2016-3194?
CVE-2016-3194 affects Fortinet FortiManager versions 5.x before 5.0.12 and 5.2.x before 5.2.6, as well as FortiAnalyzer versions 5.x before 5.0.13 and 5.2.x before 5.2.6.
How do I fix CVE-2016-3194?
To fix CVE-2016-3194, upgrade FortiManager to version 5.0.12 or later and FortiAnalyzer to version 5.0.13 or later.
What type of attack can exploit CVE-2016-3194?
CVE-2016-3194 can be exploited by remote attackers to inject arbitrary web scripts or HTML, potentially affecting users' interactions with the application.
Is there a patch available for CVE-2016-3194?
Yes, patches are available in the form of firmware updates for the affected Fortinet products.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/references
- agent/last-modified-date
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- vendor/fortinet
- canonical/fortinet fortimanager
- version/fortinet fortimanager/5.0.0
- version/fortinet fortimanager/5.0.1
- version/fortinet fortimanager/5.0.2
- version/fortinet fortimanager/5.0.3
- version/fortinet fortimanager/5.0.4
- version/fortinet fortimanager/5.0.5
- version/fortinet fortimanager/5.0.6
- version/fortinet fortimanager/5.0.7
- version/fortinet fortimanager/5.0.8
- version/fortinet fortimanager/5.0.9
- version/fortinet fortimanager/5.0.10
- version/fortinet fortimanager/5.0.11
- version/fortinet fortimanager/5.2.0
- version/fortinet fortimanager/5.2.1
- version/fortinet fortimanager/5.2.2
- version/fortinet fortimanager/5.2.3
- version/fortinet fortimanager/5.2.4
- version/fortinet fortimanager/5.2.5
- canonical/fortinet fortianalyzer
- version/fortinet fortianalyzer/5.0.0
- version/fortinet fortianalyzer/5.0.2
- version/fortinet fortianalyzer/5.0.3
- version/fortinet fortianalyzer/5.0.4
- version/fortinet fortianalyzer/5.0.5
- version/fortinet fortianalyzer/5.0.6
- version/fortinet fortianalyzer/5.0.7
- version/fortinet fortianalyzer/5.0.8
- version/fortinet fortianalyzer/5.0.9
- version/fortinet fortianalyzer/5.0.10
- version/fortinet fortianalyzer/5.0.11
- version/fortinet fortianalyzer/5.0.12
- version/fortinet fortianalyzer/5.2.0
- version/fortinet fortianalyzer/5.2.1
- version/fortinet fortianalyzer/5.2.2
- version/fortinet fortianalyzer/5.2.3
- version/fortinet fortianalyzer/5.2.4
- version/fortinet fortianalyzer/5.2.5