← back
CVE-2019-5590

CVE-2019-5590

EPSS 1.0%
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 1.0%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
28 Aug 2019Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The URL part of the report message is not encoded in Fortinet FortiWeb 6.0.2 and below which may allow an attacker to execute unauthorized code or commands (Cross Site Scripting) via attack reports generated in HTML form.
Affected products
Fortinet · FortiWeb

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://fortiguard.com/advisory/FG-IR-19-070http://www.securityfocus.com/bid/108786