ID

VAR-202106-1945


CVE

CVE-2021-26087


TITLE

Pillow Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

DESCRIPTION

An improper neutralization of input during web page generation in the web interface of FortiWLC version 8.6.0, version 8.5.3 and below, version 8.4.8 and below, and version 8.3.3 may allow both authenticated remote attackers and non-authenticated attackers in the same network as the appliance to perform a stored cross-site scripting (XSS) attack by injecting malicious payloads in different locations. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements.

Trust: 1.44

sources: NVD: CVE-2021-26087 // CNNVD: CNNVD-202104-975

AFFECTED PRODUCTS

vendor:fortinet model:fortiwlc scope:lt version:8.5.4

Trust: 1.0

vendor:fortinet model:fortiwlc scope:gte version:8.4.0

Trust: 1.0

vendor:fortinet model:fortiwlc scope:lte version:8.4.2

Trust: 1.0

vendor:fortinet model:fortiwlc scope:gte version:8.4.4

Trust: 1.0

vendor:fortinet model:fortiwlc scope:eq version:8.3.3

Trust: 1.0

vendor:fortinet model:fortiwlc scope:eq version:8.6.0

Trust: 1.0

sources: NVD: CVE-2021-26087

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@fortinet.com: CVE-2021-26087
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2021-26087
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202106-068
value: MEDIUM

Trust: 0.6

psirt@fortinet.com: CVE-2021-26087
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2021-26087
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-068 // NVD: CVE-2021-26087 // NVD: CVE-2021-26087

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.0

sources: NVD: CVE-2021-26087

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202106-068

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:FortiWLC web interface Fixes for cross-site scripting vulnerabilities
url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=152508

Trust: 0.6

sources: CNNVD: CNNVD-202106-068

EXTERNAL IDS

db:NVD id:CVE-2021-26087

Trust: 1.6

db:CS-HELP id:SB2021041363

Trust: 0.6

db:CNNVD id:CNNVD-202104-975

Trust: 0.6

db:AUSCERT id:ESB-2021.1891

Trust: 0.6

db:CS-HELP id:SB2021060140

Trust: 0.6

db:CNNVD id:CNNVD-202106-068

Trust: 0.6

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-068 // NVD: CVE-2021-26087

REFERENCES

url:https://fortiguard.fortinet.com/psirt/fg-ir-20-137

Trust: 1.0

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1891

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021060140

Trust: 0.6

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-068 // NVD: CVE-2021-26087

SOURCES

db:CNNVD id:CNNVD-202104-975
db:CNNVD id:CNNVD-202106-068
db:NVD id:CVE-2021-26087

LAST UPDATE DATE

2025-07-26T20:40:42.773000+00:00


SOURCES UPDATE DATE

db:CNNVD id:CNNVD-202104-975 date:2021-04-14T00:00:00
db:CNNVD id:CNNVD-202106-068 date:2021-06-03T00:00:00
db:NVD id:CVE-2021-26087 date:2025-07-24T20:16:57.290

SOURCES RELEASE DATE

db:CNNVD id:CNNVD-202104-975 date:2021-04-13T00:00:00
db:CNNVD id:CNNVD-202106-068 date:2021-06-01T00:00:00
db:NVD id:CVE-2021-26087 date:2025-03-17T14:15:17.247