CVE-2019-5586: XSS
First published: Tue Jun 04 2019(Updated: )
A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.2.0 to 5.6.10, 6.0.0 to 6.0.4 under SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the "param" parameter of the error process HTTP requests.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiOS IPS Engine | >=5.2.0<=6.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2019-5586?
CVE-2019-5586 is considered a medium severity vulnerability due to its potential for reflected Cross-Site-Scripting attacks.
How do I fix CVE-2019-5586?
To mitigate CVE-2019-5586, upgrade Fortinet FortiOS to versions later than 6.0.4 or apply the recommended patches provided by Fortinet.
What types of systems are affected by CVE-2019-5586?
CVE-2019-5586 affects Fortinet FortiOS versions 5.2.0 to 5.6.10 and 6.0.0 to 6.0.4.
What is the nature of the vulnerability in CVE-2019-5586?
CVE-2019-5586 is a reflected Cross-Site-Scripting (XSS) vulnerability that allows attackers to execute unauthorized scripts on affected systems.
Who can exploit CVE-2019-5586?
Any unauthenticated attacker who can send specially crafted HTTP requests to the affected Fortinet SSL VPN web portal can exploit CVE-2019-5586.
- agent/references
- agent/type
- agent/softwarecombine
- agent/author
- agent/severity
- agent/description
- agent/event
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- vendor/fortinet
- canonical/fortinet fortios ips engine
- version/fortinet fortios ips engine/5.2.0
- version/fortinet fortios ips engine/6.0.4