CVE-2015-1451Cross-site Scripting in Fortinet Fortios

CWE-79Cross-site Scripting3 documents3 sources
Severity
3.5LOWNVD
EPSS
0.2%
top 52.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Fortinet Fortios
Timeline
PublishedFeb 2
Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.0 Patch 7 build 4457 allow remote authenticated users to inject arbitrary web script or HTML via the (1) WTP Name or (2) WTP Active Software Version field in a CAPWAP Join request.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages1 packages

NVDfortinet/fortios5.0.7

🔴Vulnerability Details

2
GHSA
GHSA-mh8w-744h-48g6: Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 52022-05-17
CVEList
CVE-2015-1451: Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 52015-02-02
CVE-2015-1451 — Cross-site Scripting in Fortinet | cvebase