CVE-2021-36176: XSS
First published: Tue Nov 02 2021(Updated: )
Multiple uncontrolled resource consumption vulnerabilities in the web interface of FortiPortal before 6.0.6 may allow a single low-privileged user to induce a denial of service via multiple HTTP requests.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiPortal | >=4.0.0<6.0.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this FortiPortal vulnerability?
The vulnerability ID for this FortiPortal vulnerability is CVE-2021-36176.
What is the severity level of CVE-2021-36176?
The severity level of CVE-2021-36176 is medium.
How can the CVE-2021-36176 vulnerability be exploited?
The CVE-2021-36176 vulnerability can be exploited by a single low-privileged user inducing a denial of service via multiple HTTP requests.
Which version of FortiPortal is affected by CVE-2021-36176?
FortiPortal versions before 6.0.6 are affected by CVE-2021-36176.
Is there any fix available for CVE-2021-36176?
Yes, updating FortiPortal to version 6.0.6 will fix the CVE-2021-36176 vulnerability.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/references
- agent/event
- agent/tags
- agent/description
- agent/first-publish-date
- vendor/fortinet
- canonical/fortinet fortiportal
- version/fortinet fortiportal/4.0.0