CVE-2017-14190 — Cross-site Scripting in Fortinet Fortios

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.4%

top 39.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortios Fortinet INC Fortios

Timeline

PublishedJan 29

Latest updateMay 14

Description

A Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.7, 5.2 and earlier, allows attacker to inject arbitrary web script or HTML via maliciously crafted "Host" header in user HTTP requests.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDfortinet/fortios5.4.0 — 5.4.7+2

▶CVEListV5fortinet_inc/fortios5.2 and all earlier versions., 5.4.0 to 5.4.7, 5.6.0 to 5.6.2+2

🔴Vulnerability Details

GHSA

GHSA-232m-xvr4-2347: A Cross-site Scripting vulnerability in Fortinet FortiOS 5↗2022-05-14

▶

CVEList

CVE-2017-14190: A Cross-site Scripting vulnerability in Fortinet FortiOS 5↗2018-01-29

▶

📋Vendor Advisories

Fortinet

A Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.7, 5.2 and earlier, allows attacke...↗2018-01-29

▶