Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-1880Cross-site Scripting in Fortinet Fortios

CWE-79Cross-site Scripting5 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
59.4%
top 1.75%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Fortinet Fortios
Timeline
PublishedMay 12
Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in the sslvpn login page in Fortinet FortiOS 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDfortinet/fortios5.2.0, 5.2.1, 5.2.2+2

🔴Vulnerability Details

2
GHSA
GHSA-6r4r-2j3q-9qvm: Cross-site scripting (XSS) vulnerability in the sslvpn login page in Fortinet FortiOS 52022-05-17
CVEList
CVE-2015-1880: Cross-site scripting (XSS) vulnerability in the sslvpn login page in Fortinet FortiOS 52015-05-12

💥Exploits & PoCs

1
Nuclei
Fortinet FortiOS <=5.2.3 - Cross-Site Scripting

🕵️Threat Intelligence

1
Greynoiseio
NoiseLetter January 2026
CVE-2015-1880 — Cross-site Scripting in Fortinet | cvebase