Fortinet – Cross-site Scripting (CVE-2017-14186)

Description

During the scan, Kayran managed to find a Cross-site Scripting (CVE-2017-14186) vulnerability.
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, and 5.4 and below, caused by a failure to sanitize the login redir parameter in the SSL-VPN web portal.

Because the parameter value is reflected without sanitization, an attacker who gets a victim to open a crafted portal link can inject arbitrary HTML or script that executes in the victim's browser within the portal's origin.
The same parameter can also be abused for URL redirection: supplying an external URL sends the victim to an attacker-controlled site.
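The following is an added illustration of the weakness class described above, not FortiOS code or any Fortinet-published material. It shows a redirect parameter echoed unchecked into a login page (the vulnerable pattern) next to a hardened version that accepts only same-origin paths and HTML-escapes what it echoes. The portal origin, the `/portal/home` path, and the markup are assumptions chosen for the example.

```javascript
// Added example (not FortiOS code): unsanitized "redir" parameter vs. a validated one.
// ORIGIN and the page markup are assumptions for illustration only.
const ORIGIN = "https://vpn.example.test";

// Vulnerable pattern: the raw parameter lands inside an attribute and a script
// literal, so `"><script>...` breaks out of the attribute, and "//evil.example"
// becomes the post-login redirect target.
function vulnerableLoginPage(redir) {
  return `<input type="hidden" name="redir" value="${redir}">\n` +
         `<script>window.location = "${redir}";</script>`;
}

// Output encoding for the HTML attribute/text context.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;", "`": "&#x60;" };
  return s.replace(/[&<>"'`]/g, c => map[c]);
}

// Hardened pattern: resolve the value with the WHATWG URL parser against the
// portal origin and keep only same-origin path + query + fragment. This rejects
// "javascript:" and "data:" (origin "null"), absolute URLs to other hosts,
// scheme-relative "//host" forms, and backslash tricks such as "/\host".
function validateRedir(raw, origin = ORIGIN, fallback = "/") {
  if (typeof raw !== "string" || raw.length === 0 || raw.length > 2048) return fallback;
  // CR/LF or other control characters could split headers if echoed into Location.
  if (/[\x00-\x1f\x7f]/.test(raw)) return fallback;
  let url;
  try {
    url = new URL(raw, origin);
  } catch {
    return fallback;
  }
  if (url.origin !== origin) return fallback;
  return url.pathname + url.search + url.hash;
}

// Hardened page: validated target, encoded on output, no inline script.
function hardenedLoginPage(redir) {
  const safe = validateRedir(redir);
  return `<input type="hidden" name="redir" value="${escapeHtml(safe)}">`;
}

// Stand-alone demonstration with a constructed payload.
const payload = '"><script>alert(1)</script>';
console.log(vulnerableLoginPage(payload));
console.log(hardenedLoginPage(payload));
console.log(validateRedir("//evil.example/"));            // "/"
console.log(validateRedir("/portal/home?x=1"));           // "/portal/home?x=1"
```

The origin check is the important part: string prefix checks such as "starts with /" miss `//host` and `/\host`, both of which the URL parser resolves to a foreign host, while the parser-based comparison catches them.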

Severity/Score

CVSS Version 3.x – 5.4 Medium

Recommendation

Upgrade FortiOS to a release outside the affected ranges listed above.
The Fortinet PSIRT advisory linked below lists the fixed versions.

References

https://www.fortiguard.com/psirt/FG-IR-17-242

https://cwe.mitre.org/data/definitions/79.html
