VAR-201608-0287
Vulnerability from variot - Updated: 2023-12-18 12:05Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an image uploaded in the report section. Multiple Fortinet Products are prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. Both Fortinet FortiAnalyzer and FortiManager are products of Fortinet. The former is a centralized network security reporting solution, and the latter is a centralized network security management solution. A cross-site scripting vulnerability exists in Fortinet FortiAnalyzer 5.x prior to 5.2.6 and FortiManager 5.x prior to 5.2.6
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201608-0287",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortianalyzer",
"scope": "eq",
"trust": 1.6,
"vendor": "fortinet",
"version": "5.2.3"
},
{
"model": "fortianalyzer",
"scope": "eq",
"trust": 1.6,
"vendor": "fortinet",
"version": "5.2.1"
},
{
"model": "fortianalyzer",
"scope": "eq",
"trust": 1.6,
"vendor": "fortinet",
"version": "5.2.0"
},
{
"model": "fortianalyzer",
"scope": "eq",
"trust": 1.6,
"vendor": "fortinet",
"version": "5.0.10"
},
{
"model": "fortianalyzer",
"scope": "eq",
"trust": 1.6,
"vendor": "fortinet",
"version": "5.2.5"
},
{
"model": "fortianalyzer",
"scope": "eq",
"trust": 1.6,
"vendor": "fortinet",
"version": "5.0.0"
},
{
"model": "fortianalyzer",
"scope": "eq",
"trust": 1.6,
"vendor": "fortinet",
"version": "5.2.4"
},
{
"model": "fortianalyzer",
"scope": "eq",
"trust": 1.6,
"vendor": "fortinet",
"version": "5.0.5"
},
{
"model": "fortianalyzer",
"scope": "eq",
"trust": 1.6,
"vendor": "fortinet",
"version": "5.0.4"
},
{
"model": "fortianalyzer",
"scope": "eq",
"trust": 1.6,
"vendor": "fortinet",
"version": "5.0.1"
},
{
"model": "fortimanager",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "5.2.0"
},
{
"model": "fortimanager",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "5.0.10"
},
{
"model": "fortimanager",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "5.2.5"
},
{
"model": "fortimanager",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "5.2.4"
},
{
"model": "fortimanager",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "5.0.5"
},
{
"model": "fortimanager",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "5.0.7"
},
{
"model": "fortimanager",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "5.2.2"
},
{
"model": "fortimanager",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "5.0.6"
},
{
"model": "fortimanager",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "5.0.9"
},
{
"model": "fortimanager",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "5.0.4"
},
{
"model": "fortimanager",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "5.0.8"
},
{
"model": "fortianalyzer",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "5.2.2"
},
{
"model": "fortimanager",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "5.2.3"
},
{
"model": "fortimanager",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "5.0.3"
},
{
"model": "fortimanager",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "5.2.1"
},
{
"model": "fortianalyzer",
"scope": "eq",
"trust": 0.8,
"vendor": "fortinet",
"version": "5.2.6"
},
{
"model": "fortimanager",
"scope": "eq",
"trust": 0.8,
"vendor": "fortinet",
"version": "5.2.6"
},
{
"model": "fortianalyzer",
"scope": "lt",
"trust": 0.8,
"vendor": "fortinet",
"version": "5.x"
},
{
"model": "fortimanager",
"scope": "lt",
"trust": 0.8,
"vendor": "fortinet",
"version": "5.x"
},
{
"model": "fortimom-vm",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "0"
},
{
"model": "fortimanager virtual appliances",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "0"
},
{
"model": "fortimanager 400c",
"scope": null,
"trust": 0.3,
"vendor": "fortinet",
"version": null
},
{
"model": "fortimanager 400b",
"scope": null,
"trust": 0.3,
"vendor": "fortinet",
"version": null
},
{
"model": "fortimanager 400a",
"scope": null,
"trust": 0.3,
"vendor": "fortinet",
"version": null
},
{
"model": "fortimanager 4000e",
"scope": null,
"trust": 0.3,
"vendor": "fortinet",
"version": null
},
{
"model": "fortimanager 4000d",
"scope": null,
"trust": 0.3,
"vendor": "fortinet",
"version": null
},
{
"model": "fortimanager 3900e",
"scope": null,
"trust": 0.3,
"vendor": "fortinet",
"version": null
},
{
"model": "fortimanager 300d",
"scope": null,
"trust": 0.3,
"vendor": "fortinet",
"version": null
},
{
"model": "fortimanager 3000c",
"scope": null,
"trust": 0.3,
"vendor": "fortinet",
"version": null
},
{
"model": "fortimanager 200d",
"scope": null,
"trust": 0.3,
"vendor": "fortinet",
"version": null
},
{
"model": "fortimanager 1000d",
"scope": null,
"trust": 0.3,
"vendor": "fortinet",
"version": null
},
{
"model": "fortimanager 1000c",
"scope": null,
"trust": 0.3,
"vendor": "fortinet",
"version": null
},
{
"model": "fortimanager",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "100"
},
{
"model": "fortianalyzer vm gb500",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "0"
},
{
"model": "fortianalyzer vm gb5",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "0"
},
{
"model": "fortianalyzer vm gb25",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "0"
},
{
"model": "fortianalyzer vm gb2000",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "0"
},
{
"model": "fortianalyzer vm gb100",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "0"
},
{
"model": "fortianalyzer vm gb1",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "0"
},
{
"model": "fortianalyzer vm base",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "0"
},
{
"model": "fortianalyzer 3900e",
"scope": null,
"trust": 0.3,
"vendor": "fortinet",
"version": null
},
{
"model": "fortianalyzer 3500e",
"scope": null,
"trust": 0.3,
"vendor": "fortinet",
"version": null
},
{
"model": "fortianalyzer 300d",
"scope": null,
"trust": 0.3,
"vendor": "fortinet",
"version": null
},
{
"model": "fortianalyzer 3000e",
"scope": null,
"trust": 0.3,
"vendor": "fortinet",
"version": null
},
{
"model": "fortianalyzer 200d",
"scope": null,
"trust": 0.3,
"vendor": "fortinet",
"version": null
},
{
"model": "fortianalyzer 2000b",
"scope": null,
"trust": 0.3,
"vendor": "fortinet",
"version": null
},
{
"model": "fortianalyzer 1000d",
"scope": null,
"trust": 0.3,
"vendor": "fortinet",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "92203"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004160"
},
{
"db": "NVD",
"id": "CVE-2016-3196"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-095"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-3196"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Marco Onorati",
"sources": [
{
"db": "BID",
"id": "92203"
}
],
"trust": 0.3
},
"cve": "CVE-2016-3196",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-3196",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-92015",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2016-3196",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-3196",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201608-095",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-92015",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-92015"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004160"
},
{
"db": "NVD",
"id": "CVE-2016-3196"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-095"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an image uploaded in the report section. Multiple Fortinet Products are prone to a security-bypass vulnerability. \nAttackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. Both Fortinet FortiAnalyzer and FortiManager are products of Fortinet. The former is a centralized network security reporting solution, and the latter is a centralized network security management solution. A cross-site scripting vulnerability exists in Fortinet FortiAnalyzer 5.x prior to 5.2.6 and FortiManager 5.x prior to 5.2.6",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-3196"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004160"
},
{
"db": "BID",
"id": "92203"
},
{
"db": "VULHUB",
"id": "VHN-92015"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-3196",
"trust": 2.5
},
{
"db": "BID",
"id": "92203",
"trust": 1.4
},
{
"db": "SECTRACK",
"id": "1036550",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1036551",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004160",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201608-095",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-92015",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-92015"
},
{
"db": "BID",
"id": "92203"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004160"
},
{
"db": "NVD",
"id": "CVE-2016-3196"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-095"
}
]
},
"id": "VAR-201608-0287",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-92015"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:05:44.907000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FortiManager and FortiAnalyzer Persistent XSS vulnerability",
"trust": 0.8,
"url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability"
},
{
"title": "Fortinet FortiAnalyzer and FortiManager Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=63487"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004160"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-095"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-92015"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004160"
},
{
"db": "NVD",
"id": "CVE-2016-3196"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability"
},
{
"trust": 1.4,
"url": "http://seclists.org/fulldisclosure/2016/aug/4"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/92203"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/539069/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.vulnerability-lab.com/get_content.php?id=1687"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1036550"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1036551"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3196"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3196"
},
{
"trust": 0.3,
"url": "http://www.fortinet.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-92015"
},
{
"db": "BID",
"id": "92203"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004160"
},
{
"db": "NVD",
"id": "CVE-2016-3196"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-095"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-92015"
},
{
"db": "BID",
"id": "92203"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004160"
},
{
"db": "NVD",
"id": "CVE-2016-3196"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-095"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-08-05T00:00:00",
"db": "VULHUB",
"id": "VHN-92015"
},
{
"date": "2016-08-01T00:00:00",
"db": "BID",
"id": "92203"
},
{
"date": "2016-08-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004160"
},
{
"date": "2016-08-05T14:59:06.547000",
"db": "NVD",
"id": "CVE-2016-3196"
},
{
"date": "2016-08-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-095"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-92015"
},
{
"date": "2016-08-01T00:00:00",
"db": "BID",
"id": "92203"
},
{
"date": "2016-08-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004160"
},
{
"date": "2018-10-09T19:59:48.130000",
"db": "NVD",
"id": "CVE-2016-3196"
},
{
"date": "2016-08-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-095"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-095"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fortinet FortiAnalyzer and FortiManager Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004160"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-095"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…