CVE-2021-26087 MEDIUM


Vendor: Fortinet
Product: FortiWLC
Weakness: CWE-79 (XSS)
Published: March 17, 2025
Last update: March 17, 2025

CVSS base score

4.2/10
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: None
Integrity: Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:F/RL:X/RC:X

What the vulnerability does

01 Description

Improper neutralization of input during web page generation in the web interface of FortiWLC version 8.6.0, version 8.5.3 and below, version 8.4.8 and below, and version 8.3.3 may allow both authenticated remote attackers and non-authenticated attackers in the same network as the appliance to perform a stored cross-site scripting (XSS) attack by injecting malicious payloads in different locations.

Key dates

02 Disclosure timeline

March 17, 2025: CVE published
March 17, 2025: Record updated