CyberSec.Space Logo
Back to CVE Browser

CVE-2020-12817

HIGH
8.8
CVSS Severity Score
EPSS Score0.0090%
EPSS Percentile11.42th
PublishedSep 24, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

An improper neutralization of input vulnerability in FortiAnalyzer before 6.4.1 and 6.2.5 may allow a remote authenticated attacker to inject script related HTML tags via Name parameter of Storage Connectors.

Affected Platforms (CPE)

πŸ“¦
Fortinet

Fortianalyzer

= 6.2.5
πŸ“¦
Fortinet

Fortianalyzer

= 6.4.0
πŸ“¦
Fortinet

Fortianalyzer

= 6.4.1
πŸ“¦
Fortinet

Fortitester

<= 3.7.0
πŸ“¦
Fortinet

Fortitester

= 3.8.0

References & Advisories

πŸ”— https://fortiguard.com/advisory/FG-IR-20-054
πŸ”— https://fortiguard.com/advisory/FG-IR-20-054

Related Vulnerabilities

CVE-2016-19099.8

Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0.8; and Fo...

CVE-2026-248589.8

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 ...

CVE-2021-325898.1

A Use After Free (CWE-416) vulnerability in FortiManager version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version ...

CVE-2021-261047.8

Multiple OS command injection (CWE-78) vulnerabilities in the command line interface of FortiManager 6.2.7 and below, 6.4.5 and be...