CVE-2019-5590: XSS
First published: Wed Aug 28 2019(Updated: )
The URL part of the report message is not encoded in Fortinet FortiWeb 6.0.2 and below which may allow an attacker to execute unauthorized code or commands (Cross Site Scripting) via attack reports generated in HTML form.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiWeb | <=6.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2019-5590?
CVE-2019-5590 is considered a high severity vulnerability due to its potential for Cross Site Scripting attacks.
How do I fix CVE-2019-5590?
To fix CVE-2019-5590, upgrade Fortinet FortiWeb to version 6.0.3 or later.
What type of attack is enabled by CVE-2019-5590?
CVE-2019-5590 allows for Cross Site Scripting (XSS) attacks through improperly encoded URL parameters in attack reports.
Which versions of Fortinet FortiWeb are affected by CVE-2019-5590?
CVE-2019-5590 affects Fortinet FortiWeb versions 6.0.2 and below.
Can an attacker exploit CVE-2019-5590 remotely?
Yes, an attacker can exploit CVE-2019-5590 remotely by crafting malicious attack reports.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- agent/author
- agent/severity
- agent/weakness
- agent/tags
- agent/event
- agent/description
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- vendor/fortinet
- canonical/fortinet fortiweb
- version/fortinet fortiweb/6.0.2