First published: Thu Mar 12 2020(Updated: )
An Improper Neutralization of Input vulnerability in the Anomaly Detection Parameter Name in Fortinet FortiWeb 6.0.5, 6.2.0, and 6.1.1 may allow a remote unauthenticated attacker to perform a Cross Site Scripting attack (XSS).
Credit: psirt@fortinet.com
Affected Software | Affected Version | How to fix |
---|---|---|
Fortinet FortiWeb | >=6.0.0<=6.0.5 | |
Fortinet FortiWeb | >=6.1.0<=6.1.1 | |
Fortinet FortiWeb | =6.2.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-16156 is considered a medium severity vulnerability that allows for Cross Site Scripting (XSS) attacks.
To fix CVE-2019-16156, upgrade Fortinet FortiWeb to the latest version that addresses this vulnerability.
CVE-2019-16156 affects Fortinet FortiWeb versions 6.0.5, 6.1.1, and 6.2.0.
CVE-2019-16156 facilitates Cross Site Scripting (XSS) attacks by allowing remote unauthenticated attackers to exploit the vulnerability.
No, CVE-2019-16156 can be exploited by remote unauthenticated attackers.