CVE-2017-7732 — Cross-site Scripting in Fortinet Fortimail

Severity: 6.1 MEDIUM (NVD)
EPSS: 0.9% (top 25.05%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 26; Latest update May 17

Description

A reflected Cross-Site Scripting (XSS) vulnerability in the customized pre-authentication webmail login page of Fortinet FortiMail 5.1 and earlier, 5.2.0 through 5.2.9, and 5.3.0 through 5.3.9 allows an attacker to inject arbitrary web script or HTML via crafted HTTP requests.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (1 package)

NVD: fortinet/fortimail (36 versions)

Vulnerability Details (2)

GHSA: GHSA-8qvv-7624-87r2 (2022-05-17): A reflected Cross-Site Scripting (XSS) vulnerability in Fortinet FortiMail 5
CVEList: CVE-2017-7732 (2017-10-26): A reflected Cross-Site Scripting (XSS) vulnerability in Fortinet FortiMail 5

Vendor Advisories (1)

Fortinet (2017-10-26): A reflected Cross-Site Scripting (XSS) vulnerability in Fortinet FortiMail 5.1 and earlier, 5.2.0 through 5.2.9, and 5.3...