CVE-2021-24021
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An improper neutralization of input vulnerability [CWE-79] in FortiAnalyzer versions 6.4.3 and below, 6.2.7 and below and 6.0.10 and below may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the column settings of Logview in FortiAnalyzer, should the attacker be able to obtain that POST request, via other, hypothetical attacks.
Una vulnerabilidad de neutralización inapropiada de la entrada [CWE-79] en FortiAnalyzer versiones 6.4.3 y por debajo, 6.2.7 y por debajo y 6.0.10 y por debajo, puede permitir a un atacante remoto autenticado llevar a cabo un ataque de tipo cross site scripting attack (XSS) almacenado por medio de la configuración de la columna de Logview en FortiAnalyzer, si el atacante es capaz de obtener esa petición POST, por medio de otros ataques hipotéticos
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2021-01-13 CVE Reserved
- 2021-10-06 CVE Published
- 2023-04-29 EPSS Updated
- 2024-10-25 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://fortiguard.com/advisory/FG-IR-20-098 | 2021-10-14 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Fortinet Search vendor "Fortinet" | Fortianalyzer Search vendor "Fortinet" for product "Fortianalyzer" | >= 6.0.0 < 6.2.8 Search vendor "Fortinet" for product "Fortianalyzer" and version " >= 6.0.0 < 6.2.8" | - |
Affected
| ||||||
Fortinet Search vendor "Fortinet" | Fortianalyzer Search vendor "Fortinet" for product "Fortianalyzer" | >= 6.4.0 < 6.4.4 Search vendor "Fortinet" for product "Fortianalyzer" and version " >= 6.4.0 < 6.4.4" | - |
Affected
|