Fortinet – Cross-site Scripting (CVE-2017-14186)

Description

Cross-site Scripting (CVE-2017-14186) vulnerability.

Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below contain a Cross-site Scripting (XSS) vulnerability caused by a failure to sanitize the login redirect parameter in the SSL-VPN web portal.

Business Impact

An attacker could inject arbitrary web script or HTML that runs in the context of the victim's browser. A URL redirection attack may also be feasible by injecting an external URL via the affected parameter.
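The two outcomes described above (script injection and open redirection) share one root cause: a redirect value taken from the request is echoed into the login page and later followed without validation. The following is an added example, not Fortinet code and not the SSL-VPN portal's actual handler; the parameter name "redir" and the sample values are constructed for illustration, since the advisory does not name the affected parameter. It shows the unsafe echo pattern beside a hardened version that only accepts same-site relative paths and HTML-escapes the value on output.

```python
from html import escape
from urllib.parse import urlsplit

# Hypothetical parameter name; the advisory only says "login redirect parameter".
REDIRECT_PARAM = "redir"
DEFAULT_TARGET = "/portal/"


def is_safe_local_redirect(target: str) -> bool:
    """Return True only for a plain same-site path such as '/portal/dashboard'.

    Rejects: empty/oversized values, absolute URLs (any scheme or host),
    protocol-relative '//host' and the '/\\host' variant some browsers
    normalise to '//host', and any control character or HTML/attribute
    delimiter that could break out of the page the value is echoed into.
    """
    if not target or len(target) > 2048:
        return False
    if not target.startswith("/") or target.startswith("//") or target.startswith("/\\"):
        return False
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        return False
    if any(ord(c) < 0x20 or c in ' <>"\'' for c in target):
        return False
    return True


def render_login_page_vulnerable(redirect_value: str) -> str:
    """The pattern the advisory describes: the request value is echoed verbatim,
    so a quote in the input terminates the attribute and the rest is parsed as HTML."""
    return f'<input type="hidden" name="{REDIRECT_PARAM}" value="{redirect_value}">'


def render_login_page_hardened(redirect_value: str) -> str:
    """Validate first (allowlist of local paths, fall back to a fixed default),
    then escape on output as defence in depth even though the validator already
    rejects quotes and angle brackets."""
    target = redirect_value if is_safe_local_redirect(redirect_value) else DEFAULT_TARGET
    return f'<input type="hidden" name="{REDIRECT_PARAM}" value="{escape(target, quote=True)}">'


def post_login_location(redirect_value: str) -> str:
    """Where the portal should send the user after authentication:
    the validated local path, never an external host."""
    return redirect_value if is_safe_local_redirect(redirect_value) else DEFAULT_TARGET


if __name__ == "__main__":
    # Constructed sample inputs: one legitimate, three hostile.
    samples = [
        "/portal/dashboard",
        "https://attacker.example/",     # external URL -> open redirect
        "//attacker.example/",           # protocol-relative external URL
        '"><em>x</em>',                  # breaks out of the value attribute
    ]
    for s in samples:
        print(f"{s!r:32} safe={is_safe_local_redirect(s)}")
        print("  vulnerable:", render_login_page_vulnerable(s))
        print("  hardened:  ", render_login_page_hardened(s))
```

The important design choice is allowlisting the shape of the value (a local path) rather than blocklisting known-bad strings; output escaping alone would stop the script injection but not the redirect to an external host.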

Recommendation

Update to the latest version released by Fortinet.

Reference

https://www.fortiguard.com/psirt/FG-IR-17-242
