cbcvebase.
CVE-2017-17541
published 2018-07-16

CVE-2017-17541: A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows…

medium6.1CVSS 3.0
AVNACLPRNUIRSCCLILAN
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature.

Affected

9 ranges
VendorProductVersion rangeFixed in
fortinetfortianalyzer
fortinetfortianalyzer_firmware<= 5.6.4
fortinetfortianalyzer_firmware
fortinetfortianalyzerfirmware
fortinetfortimanager
fortinetfortimanager_firmware<= 5.6.4
fortinetfortimanager_firmware
fortinetfortimanagerfirmware
fortinetfortinet