Stored Cross-Site Scripting (XSS) Vulnerability in FortiAnalyzer Logview Column Settings

Stored Cross-Site Scripting (XSS) Vulnerability in FortiAnalyzer Logview Column Settings

CVE-2021-24021 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

An improper neutralization of input vulnerability [CWE-79] in FortiAnalyzer versions 6.4.3 and below, 6.2.7 and below and 6.0.10 and below may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the column settings of Logview in FortiAnalyzer, should the attacker be able to obtain that POST request, via other, hypothetical attacks.

Learn more about our Web Application Penetration Testing UK.