
====================================================================

                             CERT-Renater

                 Information Note No. 2020/VULN135
_____________________________________________________________________

DATE                : 12/03/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running FortiManager versions prior to
                     6.2.2.

=====================================================================
https://fortiguard.com/psirt/FG-IR-19-271
_____________________________________________________________________

XSS vulnerability in the FortiManager via the buffer parameter

IR Number : FG-IR-19-271
Date      : Mar 11, 2020
Risk      : 2/5
Impact    : Execute unauthorized code or commands
CVE ID    : CVE-2019-16158


Summary

An improper neutralization of input vulnerability in FortiManager GUI
may allow an authenticated attacker to perform an XSS (Cross Site
Scripting) attack via the buffer parameter.
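The flaw class named above (CWE-style "improper neutralization of input" leading to reflected XSS) comes down to a request parameter being written into an HTML response without encoding. The following is an added illustration, not FortiManager code and not derived from the vendor's fix: it contrasts a handler that reflects a `buffer` parameter raw with one that HTML-encodes it, and adds a regression check a developer can run over their own responses. The parameter name `buffer` is taken from the advisory; the function names, the `<pre>` wrapper and the sample query strings are assumptions made for the example.

```python
import html
from urllib.parse import parse_qs

# Pattern the advisory describes: the parameter value is concatenated
# straight into markup, so any <, >, " or ' it contains becomes live HTML.
def render_unsafe(buffer: str) -> str:
    return f"<pre>{buffer}</pre>"

# Neutralized form: every HTML-significant character is entity-encoded
# before the value reaches the page. quote=True also covers attribute
# contexts, where an unescaped quote would otherwise break out.
def render_safe(buffer: str) -> str:
    return f"<pre>{html.escape(buffer, quote=True)}</pre>"

def handle_request(query_string: str, safe: bool = True) -> str:
    """Hypothetical GUI endpoint: read ?buffer=... and render it."""
    params = parse_qs(query_string)
    buffer = params.get("buffer", [""])[0]
    renderer = render_safe if safe else render_unsafe
    return renderer(buffer)

# Regression check for a code base: True when a submitted value containing
# markup characters reappears verbatim in the response body, which means the
# parameter is being reflected without neutralization.
def reflects_raw_markup(response_html: str, submitted: str) -> bool:
    has_markup = any(ch in submitted for ch in "<>\"'")
    return has_markup and submitted in response_html

if __name__ == "__main__":
    # Constructed sample inputs (URL-encoded, as a browser would send them).
    benign = "buffer=plain+text"
    markup = "buffer=%3Cb%3Ehi%3C/b%3E"          # decodes to <b>hi</b>
    for qs in (benign, markup):
        for safe in (False, True):
            body = handle_request(qs, safe=safe)
            value = parse_qs(qs)["buffer"][0]
            flag = reflects_raw_markup(body, value)
            print(f"safe={safe!s:5} reflects_raw={flag!s:5} {body}")
```

Running it shows the unsafe renderer echoing `<b>hi</b>` as live markup while the safe renderer emits `&lt;b&gt;hi&lt;/b&gt;`; the same check, pointed at a product's own test suite, turns the advisory's one-line summary into a unit test that fails whenever encoding is dropped from a reflected parameter.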


Impact

Execute unauthorized code or commands


Affected Products

FortiManager 6.2.1 and below


Solutions

Upgrade to FortiManager 6.2.2 or above


Acknowledgement

Fortinet is pleased to thank Patrick Nielsen for reporting this
vulnerability under responsible disclosure.


=========================================================
+ CERT-RENATER        | tel: 01-53-94-20-44             +
+ 23/25 Rue Daviel    | fax: 01-53-94-20-41             +
+ 75013 Paris         | email: cert@support.renater.fr  +
=========================================================