CVE-2017-17541

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

6.1MEDIUM

EPSS

0.2%

top 62.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortianalyzer Firmware Fortinet Fortimanager Firmware

Timeline

PublishedJul 16

Latest updateMay 14

Description

A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDfortinet/fortimanager_firmware5.6.4+1

▶NVDfortinet/fortianalyzer_firmware5.6.4+1

🔴Vulnerability Details

GHSA

GHSA-cp34-9454-rv45: A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6↗2022-05-14

▶

CVEList

CVE-2017-17541: A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6↗2018-07-16

▶

📋Vendor Advisories

Fortinet

A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0...↗2018-07-16

▶