Fortinet - Cross-site Scripting (CVE-2017-14186)

Description

During the scan, Kayran managed to find a Cross-site Scripting (CVE-2017-14186) vulnerability.
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below.
Due to failure in sanitizing the login redir parameter in the SSL-VPN web portal.

An attacker could inject arbitrary web scripts or HTML in the context of the victim’s browser.
A URL Redirection attack can also be achieved by injecting an external URL via the affected parameter.

Severity/Score

CVSS Version 3.x – 5.4 Medium

The best or the worst? – Pros and Cons in WordPress…

It’s no secret that today WordPress is the most popular content management system on the Internet, and probably the most common one for the use

Zeroed In – Zero-Day Attacks

If you are familiar with programming, you know that Zero ([0]) is usually the starting point of arrays, that is called Zero-based numbering, what does

Active Directory Hacking

What does Active Directory mean? The Active Directory infrastructure is a critical infrastructure in most organizations, and it forms the backbone of the organization’s computing