ID

VAR-201608-0437


TITLE

Fortinet FortiVoice HTML Injection vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-201608-377

DESCRIPTION

Fortinet FortiVoice is a complete business telephone system developed by Fortinet. Fortinet FortiVoice 5.0.4 and earlier versions have an HTML injection vulnerability caused by the program's insufficient filtering of user-submitted input. When a user browses an affected website, their browser executes any HTML or script code provided by the attacker, which could allow the attacker to steal cookie-based authentication credentials. Fortinet FortiVoice is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. Fortinet FortiVoice 5.0.4 and prior are vulnerable.

Trust: 0.81

sources: CNNVD: CNNVD-201608-377 // BID: 92455

AFFECTED PRODUCTS

vendor: fortinet, model: fortivoice, scope: eq, version: 5.0.4

Trust: 0.3

vendor: fortinet, model: fortivoice, scope: ne, version: 5.0.5

Trust: 0.3

sources: BID: 92455

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201608-377

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201608-377

EXTERNAL IDS

db: BID, id: 92455

Trust: 0.9

db: CNNVD, id: CNNVD-201608-377

Trust: 0.6

sources: BID: 92455 // CNNVD: CNNVD-201608-377

REFERENCES

url:http://www.securityfocus.com/bid/92455

Trust: 0.6

url:http://www.fortinet.com/

Trust: 0.3

url:http://fortiguard.com/advisory/fortivoice-5-0-filter-bypass-persistent-web-vulnerabilities

Trust: 0.3

sources: BID: 92455 // CNNVD: CNNVD-201608-377

CREDITS

Vulnerability Lab

Trust: 0.9

sources: BID: 92455 // CNNVD: CNNVD-201608-377

SOURCES

db: BID, id: 92455
db: CNNVD, id: CNNVD-201608-377

LAST UPDATE DATE

2022-05-17T01:57:42.820000+00:00


SOURCES UPDATE DATE

db: BID, id: 92455, date: 2016-08-15T00:00:00
db: CNNVD, id: CNNVD-201608-377, date: 2016-08-19T00:00:00

SOURCES RELEASE DATE

db: BID, id: 92455, date: 2016-08-15T00:00:00
db: CNNVD, id: CNNVD-201608-377, date: 2016-08-19T00:00:00