Fortinet – Cross-site Scripting (CVE-2017-14186)

Description

During the scan, Kayran found a Cross-site Scripting (CVE-2017-14186) vulnerability.
Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, and 5.4 and below contain a Cross-site Scripting (XSS) vulnerability caused by a failure to sanitize the login redir parameter in the SSL-VPN web portal.

An attacker could inject arbitrary web script or HTML that runs in the context of the victim's browser.
Because the same parameter controls where the browser is sent after login, an open URL redirection can also be achieved by supplying an external URL in the affected parameter.
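The following Python example is added here and is not code from Kayran, Fortinet or FortiOS. It shows the defensive handling the advisory implies: a post-login redirect parameter is accepted only when it is a same-origin absolute path, anything else falls back to the portal root, and the value is HTML-encoded when written into markup. The same check is then run over constructed web-server log lines to surface requests that carried rejected redir values. The /remote/login path, the parameter handling and every log line are assumptions made for illustration.

```python
import html
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Fallback target used whenever the supplied redirect is rejected (assumed).
SAFE_ROOT = "/"

# Characters that have no place in a path-only redirect target.
_HTML_META = re.compile(r'[<>"\'`\\]')

def is_safe_redirect(redir: str) -> bool:
    """Accept only a same-origin, absolute-path redirect target.

    Rejects values that could take the browser off-site (absolute or
    protocol-relative URLs) or execute script (javascript:/data: schemes,
    HTML metacharacters), including when they are double-encoded.
    """
    if not redir:
        return False
    decoded = unquote(redir)
    # Refuse values that still decode further (double-encoding).
    if "%" in decoded and unquote(decoded) != decoded:
        return False
    # Control characters and surrounding whitespace are used to smuggle
    # schemes past naive prefix checks.
    if any(ord(c) < 0x20 or c == "\x7f" for c in decoded):
        return False
    if decoded != decoded.strip():
        return False
    if _HTML_META.search(decoded):
        return False
    parts = urlsplit(decoded)
    if parts.scheme or parts.netloc:
        return False  # "https://…", "//host/…", "javascript:…"
    if not decoded.startswith("/") or decoded.startswith("//"):
        return False  # relative paths and protocol-relative URLs
    return True

def render_redirect_link(redir: str) -> str:
    """Build the post-login link, falling back to SAFE_ROOT on any rejected
    value and HTML-encoding the attribute so accepted values cannot break
    out of the markup either."""
    target = redir if is_safe_redirect(redir) else SAFE_ROOT
    return f'<a href="{html.escape(target, quote=True)}">Continue</a>'

# Constructed sample access-log lines (common log format); not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /remote/login?redir=%2Fremote%2Fportal HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2024:10:00:01 +0000] "GET /remote/login?redir=%2F%2Fattacker.example HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /remote/login?redir=javascript%3Avoid%280%29 HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /remote/login?redir=%3Cb%3Ex HTTP/1.1" 200 512',
    '10.0.0.7 - - [01/Jan/2024:10:00:04 +0000] "GET /remote/logout HTTP/1.1" 302 0',
]

_REQUEST_RE = re.compile(r'"GET (?P<path>\S+) HTTP/1\.[01]"')

def flag_suspicious_redir(lines):
    """Return the decoded redir values from the given log lines that fail
    is_safe_redirect, in the order they appear."""
    flagged = []
    for line in lines:
        match = _REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group("path")).query
        for value in parse_qs(query, keep_blank_values=True).get("redir", []):
            if not is_safe_redirect(value):
                flagged.append(value)
    return flagged

if __name__ == "__main__":
    for value in ("/remote/portal", "//attacker.example", "javascript:void(0)"):
        print(f"{value!r:28} -> {render_redirect_link(value)}")
    print("flagged:", flag_suspicious_redir(SAMPLE_LOG))
```

The validator deliberately allow-lists a single shape (an absolute path on the same origin) rather than trying to block known-bad prefixes; schemes, hosts and metacharacters are all rejected by that one rule, and the output encoding is a second layer in case a future change widens what is accepted.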

Recommendation

Update to the latest version released by Fortinet; the advisory linked below describes the affected and fixed releases.

References

https://www.fortiguard.com/psirt/FG-IR-17-242
