Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-3131Cross-site Scripting in INC Fortinet Fortios

CWE-79Cross-site Scripting6 documents6 sources
Severity
5.4MEDIUMNVD
EPSS
11.5%
top 6.37%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Fortinet INC Fortinet FortiosFortinet Fortios
Timeline
PublishedSep 12
Latest updateMay 17

Description

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allows attackers to execute unauthorized code or commands via the filter input in "Applications" under FortiView.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

NVDfortinet/fortios6 versions+5
CVEListV5fortinet_inc/fortinet_fortiosFortiOS versions 5.4.0 through 5.4.4 and 5.6.0

🔴Vulnerability Details

2
GHSA
GHSA-vpwv-v7qq-9vj6: A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 52022-05-17
CVEList
CVE-2017-3131: A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 52017-09-12

💥Exploits & PoCs

2
Exploit-DB
Fortinet FortiOS < 5.6.0 - Cross-Site Scripting2017-07-28
Nuclei
FortiOS 5.4.0 to 5.6.0 - Cross-Site Scripting

📋Vendor Advisories

1
Fortinet
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allows attackers to exec...2017-09-12
CVE-2017-3131 — Cross-site Scripting | cvebase