{"api_version":"1","generated_at":"2026-04-23T11:33:31+00:00","cve":"CVE-2014-2336","urls":{"html":"https://cve.report/CVE-2014-2336","api":"https://cve.report/api/cve/CVE-2014-2336.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2014-2336","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2014-2336"},"summary":{"title":"CVE-2014-2336","description":"Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2334 and CVE-2014-2335.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2014-10-31 14:55:00","updated_at":"2017-08-29 01:34:00"},"problem_types":["CWE-79"],"metrics":[],"references":[{"url":"http://secunia.com/advisories/61309","name":"61309","refsource":"SECUNIA","tags":[],"title":"Security Advisory SA61309 - Fortinet FortiAnalyzer / FortiManager Multiple Cross-Site Scripting Vulnerabilities - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.fortiguard.com/advisory/FG-IR-14-033/","name":"http://www.fortiguard.com/advisory/FG-IR-14-033/","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"FortiGuard.com | Multiple XSS vulnerabilities in FortiManager and FortiAnalyzer Web UI","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/70889","name":"70889","refsource":"BID","tags":[],"title":"Malformed Request","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/98479","name":"fortimanageranalyzer-cve20142336-xss(98479)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2014-2336","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-2336","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2014","cve_id":"2336","vulnerable":"1","versionEndIncluding":"5.0.6","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fortinet","cpe5":"fortianalyzer_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"2336","vulnerable":"1","versionEndIncluding":"5.0.6","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"fortinet","cpe5":"fortimanager","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2014-2336","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2334 and CVE-2014-2335."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://www.fortiguard.com/advisory/FG-IR-14-033/","refsource":"CONFIRM","url":"http://www.fortiguard.com/advisory/FG-IR-14-033/"},{"name":"70889","refsource":"BID","url":"http://www.securityfocus.com/bid/70889"},{"name":"61309","refsource":"SECUNIA","url":"http://secunia.com/advisories/61309"},{"name":"fortimanageranalyzer-cve20142336-xss(98479)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/98479"}]}},"nvd":{"publishedDate":"2014-10-31 14:55:00","lastModifiedDate":"2017-08-29 01:34:00","problem_types":["CWE-79"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:h:fortinet:fortimanager:*:*:*:*:*:*:*:*","versionEndIncluding":"5.0.6","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fortinet:fortianalyzer_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"5.0.6","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2014","CveId":"2336","Ordinal":"69225","Title":"CVE-2014-2336","CVE":"CVE-2014-2336","Year":"2014"},"notes":[{"CveYear":"2014","CveId":"2336","Ordinal":"1","NoteData":"Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2334 and CVE-2014-2335.","Type":"Description","Title":null},{"CveYear":"2014","CveId":"2336","Ordinal":"2","NoteData":"2014-10-31","Type":"Other","Title":"Published"},{"CveYear":"2014","CveId":"2336","Ordinal":"3","NoteData":"2017-08-28","Type":"Other","Title":"Modified"}]}}}