Fortinet – Cross-site Scripting (CVE-2017-14186)

Description

During the scan, Kayran managed to find a Cross-site Scripting (CVE-2017-14186) vulnerability.
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below.
Due to failure in sanitizing the login redir parameter in the SSL-VPN web portal.

An attacker could inject arbitrary web scripts or HTML in the context of the victim’s browser.
A URL Redirection attack can also be achieved by injecting an external URL via the affected parameter.

Severity/Score

CVSS Version 3.x – 5.4 Medium

Recommendation

Update to the latest version released by Fortinet.
You may use the link below in order to do that.

References

https://www.fortiguard.com/psirt/FG-IR-17-242

https://cwe.mitre.org/data/definitions/79.html

< Return to all Vulnerabilities

SQLI to RCE

How to preform SQLI TO RCE? One of the most interesting and important things about any site is the database. So, it’s important to protect

Read More »