An improper neutralization of input during web page generation in the SSL VPN portal of FortiProxy version 2.0.0, version 1.2.9 and below and FortiOS version 6.2.1 and below, version 6.0.8 and below, version 5.6.12 may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS).
                
            References
                    | Link | Resource | 
|---|---|
| https://fortiguard.fortinet.com/psirt/FG-IR-19-223 | Vendor Advisory | 
Configurations
                    History
                    24 Jul 2025, 20:15
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time | Fortinet fortios Fortinet fortiproxy Fortinet | |
| Summary | 
 | |
| CPE | cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:2.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* | |
| References | () https://fortiguard.fortinet.com/psirt/FG-IR-19-223 - Vendor Advisory | 
17 Mar 2025, 14:15
| Type | Values Removed | Values Added | 
|---|---|---|
| New CVE | 
Information
                Published : 2025-03-17 14:15
Updated : 2025-07-24 20:15
NVD link : CVE-2019-15706
Mitre link : CVE-2019-15706
CVE.ORG link : CVE-2019-15706
JSON object : View
Products Affected
                fortinet
- fortios
- fortiproxy
CWE
                
                    
                        
                        CWE-79
                        
            Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
