{"containers": {"cna": {"affected": [{"product": "Fortinet FortiOS", "vendor": "Fortinet", "versions": [{"status": "affected", "version": "FortiOS 5.2.0 to 6.0.4"}]}], "datePublic": "2019-05-24T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.2.0 to 5.6.10, 6.0.0 to 6.0.4 under SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the \"param\" parameter of the error process HTTP requests."}], "problemTypes": [{"descriptions": [{"description": "Execute unauthorized code or commands", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-10-23T19:12:06.000Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://fortiguard.com/advisory/FG-IR-19-034"}, {"name": "108610", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/108610"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@fortinet.com", "ID": "CVE-2019-5586", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Fortinet FortiOS", "version": {"version_data": [{"version_value": "FortiOS 5.2.0 to 6.0.4"}]}}]}, "vendor_name": "Fortinet"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.2.0 to 5.6.10, 6.0.0 to 6.0.4 under SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the \"param\" parameter of the error process HTTP requests."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Execute unauthorized code or commands"}]}]}, "references": {"reference_data": [{"name": "https://fortiguard.com/advisory/FG-IR-19-034", "refsource": "CONFIRM", "url": "https://fortiguard.com/advisory/FG-IR-19-034"}, {"name": "108610", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108610"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:01:50.819Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://fortiguard.com/advisory/FG-IR-19-034"}, {"name": "108610", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/108610"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-23T13:59:51.816805Z", "id": "CVE-2019-5586", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-25T14:06:19.112Z"}}]}, "cveMetadata": {"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2019-5586", "datePublished": "2019-06-04T21:39:52.000Z", "dateReserved": "2019-01-07T00:00:00.000Z", "dateUpdated": "2024-10-25T14:06:19.112Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://fortiguard.com/advisory/FG-IR-19-034", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "http://www.securityfocus.com/bid/108610", "name": "108610", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:01:50.819Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-5586", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-23T13:59:51.816805Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-23T14:01:07.463Z"}}], "cna": {"affected": [{"vendor": "Fortinet", "product": "Fortinet FortiOS", "versions": [{"status": "affected", "version": "FortiOS 5.2.0 to 6.0.4"}]}], "datePublic": "2019-05-24T00:00:00.000Z", "references": [{"url": "https://fortiguard.com/advisory/FG-IR-19-034", "tags": ["x_refsource_CONFIRM"]}, {"url": "http://www.securityfocus.com/bid/108610", "name": "108610", "tags": ["vdb-entry", "x_refsource_BID"]}], "descriptions": [{"lang": "en", "value": "A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.2.0 to 5.6.10, 6.0.0 to 6.0.4 under SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the \"param\" parameter of the error process HTTP requests."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Execute unauthorized code or commands"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2019-10-23T19:12:06.000Z"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "FortiOS 5.2.0 to 6.0.4"}]}, "product_name": "Fortinet FortiOS"}]}, "vendor_name": "Fortinet"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://fortiguard.com/advisory/FG-IR-19-034", "name": "https://fortiguard.com/advisory/FG-IR-19-034", "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/108610", "name": "108610", "refsource": "BID"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.2.0 to 5.6.10, 6.0.0 to 6.0.4 under SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the \"param\" parameter of the error process HTTP requests."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Execute unauthorized code or commands"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2019-5586", "STATE": "PUBLIC", "ASSIGNER": "psirt@fortinet.com"}}}}, "cveMetadata": {"cveId": "CVE-2019-5586", "state": "PUBLISHED", "dateUpdated": "2024-10-25T14:06:19.112Z", "dateReserved": "2019-01-07T00:00:00.000Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2019-06-04T21:39:52.000Z", "assignerShortName": "fortinet"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D2FB321-696D-44AE-92A7-3A66B4ED4B19", "versionEndIncluding": "6.0.4", "versionStartIncluding": "5.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.2.0 to 5.6.10, 6.0.0 to 6.0.4 under SSL VPN web portal may allow an attacker to execute unauthorized malicious script code via the \"param\" parameter of the error process HTTP requests."}, {"lang": "es", "value": "Una vulnerabilidad reflejada de Cross-Site-Scripting (XSS) en Fortinet FortiOS 5.2.0 a 5.6.10, 6.0.0 a 6.0.4 bajo el portal web SSL VPN puede permitir que un atacante ejecute el c\u00f3digo de script malicioso no autorizado mediante el par\u00e1metro \"param\" de las solicitudes HTTP de proceso de error."}], "id": "CVE-2019-5586", "lastModified": "2024-11-21T04:45:10.847", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-06-04T22:29:00.237", "references": [{"source": "psirt@fortinet.com", "url": "http://www.securityfocus.com/bid/108610"}, {"source": "psirt@fortinet.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://fortiguard.com/advisory/FG-IR-19-034"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/108610"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://fortiguard.com/advisory/FG-IR-19-034"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}