CVE-2017-3125 — Cross-site Scripting in Fortinet Fortimail

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.6%

top 31.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortimail

Timeline

PublishedApr 12

Latest updateMay 17

Description

An unauthenticated XSS vulnerability with FortiMail 5.0.0 - 5.2.9 and 5.3.0 - 5.3.8 could allow an attacker to execute arbitrary scripts in the security context of the browser of a victim logged in FortiMail, assuming the victim is social engineered into clicking an URL crafted by the attacker.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5fortinet/fortimail5.0.0 -> 5.2.9, 5.3.0 -> 5.3.8

▶NVDfortinet/fortimail31 versions+30

🔴Vulnerability Details

GHSA

GHSA-fxgw-f44q-85m6: An unauthenticated XSS vulnerability with FortiMail 5↗2022-05-17

▶

CVEList

CVE-2017-3125: An unauthenticated XSS vulnerability with FortiMail 5↗2017-04-12

▶

📋Vendor Advisories

Fortinet

An unauthenticated XSS vulnerability with FortiMail 5.0.0 - 5.2.9 and 5.3.0 - 5.3.8 could allow an attacker to execute a...↗2017-04-12

▶