Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-3132 — Cross-site Scripting in Fortinet Fortios

CWE-79 — Cross-site Scripting7 documents7 sources

Severity

6.1MEDIUMNVD

EPSS

8.8%

top 7.47%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Fortinet Fortios Fortinet INC Fortinet Fortios

Timeline

PublishedSep 12

Latest updateMay 17

Description

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDfortinet/fortios5.6.0

▶CVEListV5fortinet_inc/fortinet_fortiosFortiOS versions 5.6.0 and earlier

🔴Vulnerability Details

GHSA

GHSA-6pmp-vh39-v2fh: A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5↗2022-05-17

▶

CVEList

CVE-2017-3132: A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5↗2017-09-12

▶

💥Exploits & PoCs

Exploit-DB

Fortinet FortiOS < 5.6.0 - Cross-Site Scripting↗2017-07-28

▶

Nuclei

Fortinet FortiOS < 5.6.0 - Cross-Site Scripting

▶

📋Vendor Advisories

Fortinet

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allows attackers to exec...↗2017-09-12

▶

🕵️Threat Intelligence

Greynoiseio

NoiseLetter October 2025↗

▶