What is CVE-2015-3620?

CVE-2015-3620 is a vulnerability in Fortinet Fortianalyzer_firmware, classified under Cross-site Scripting. Published 2015-05-12.

Is CVE-2015-3620 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

XSS in Fortinet Fortianalyzer_firmware

CVE-2015-3620

Cross-site scripting (XSS) vulnerability in the advanced dataset reports page in Fortinet FortiAnalyzer 5.0.0 through 5.0.10 and 5.2.0 through 5.2.1 and FortiManager 5.0.3 through 5.0.10 and 5.2.0 through 5.2.1 allows remote attackers to i…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.005 (67.0th percentile) — read the EPSS interpretation.

Affected products

Fortinet Fortianalyzer_firmware — versions 5.0.0, 5.0.1, 5.0.10
Fortinet Fortimanager_firmware — versions 5.0.3, 5.0.4, 5.0.5
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

Public proof-of-concept exploits

ARPSyndicate/cvemon

References

cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
20150505 Fortinet FortiAnalyzer & FortiManager - Client Side Cross Site Scripting Vulnerability (mailing-list, Exploit, x_refsource_FULLDISC, Third Party Advisory, VDB Entry)
cve@mitre.org (Exploit, VDB Entry, Third Party Advisory, x_refsource_MISC)
20150505 Fortinet FortiAnalyzer & FortiManager - Client Side Cross Site Scripting Vulnerability (mailing-list, x_refsource_BUGTRAQ)
74646 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
1032262 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)

Frequently asked questions

What is CVE-2015-3620?: CVE-2015-3620 is a vulnerability in Fortinet Fortianalyzer_firmware, classified under Cross-site Scripting. Published 2015-05-12.
Is CVE-2015-3620 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.