CVE-2017-3127 — Cross-site Scripting in Fortinet Fortios

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.3%

top 45.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortios

Timeline

PublishedJun 1

Latest updateMay 17

Description

A Cross-Site Scripting vulnerability in Fortinet FortiGate 5.2.0 through 5.2.10 allows attacker to execute unauthorized code or commands via the srcintf parameter during Firewall Policy Creation.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDfortinet/fortios11 versions+10

🔴Vulnerability Details

GHSA

GHSA-rgqc-vfrm-f4gg: A Cross-Site Scripting vulnerability in Fortinet FortiGate 5↗2022-05-17

▶

CVEList

CVE-2017-3127: A Cross-Site Scripting vulnerability in Fortinet FortiGate 5↗2017-06-01

▶

📋Vendor Advisories

Fortinet

A Cross-Site Scripting vulnerability in Fortinet FortiGate 5.2.0 through 5.2.10 allows attacker to execute unauthorized...↗2017-06-01

▶