Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-8038

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

4.3MEDIUM

EPSS

1.7%

top 17.86%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Fortinet Fortimanager Firmware

Timeline

PublishedNov 2

Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) sharedjobmanager or (2) SOMServiceObjDialog.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDfortinet/fortimanager_firmware5.2.3

🔴Vulnerability Details

GHSA

GHSA-jc66-4969-7jc4: Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5↗2022-05-17

▶

CVEList

CVE-2015-8038: Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5↗2015-11-02

▶

💥Exploits & PoCs

Exploit-DB

FortiManager 5.2.2 - Persistent Cross-Site Scripting↗2015-09-25

▶