Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-16151

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS 6.4.1 and below, 6.2.9 and below may allow a remote unauthenticated attacker to either redirect users to malicious websites via a crafted "Host" header or to execute JavaScript code in the victim's browser context. This happens when the FortiGate has web filtering and category override enabled/configured.

Published

2025-03-21T16:15:13.210

Last Modified

2025-07-23T15:48:43.560

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.7 (MEDIUM)

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	fortinet	fortios	< 6.2.10	Yes
Operating System	fortinet	fortios	< 6.4.2	Yes

References

https://fortiguard.com/advisory/FG-IR-19-301 Vendor Advisory ([email protected])