CVE-2017-7735 — Cross-site Scripting in INC Fortinet Fortios

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

5.4MEDIUMNVD

EPSS

0.3%

top 46.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet INC Fortinet Fortios Fortinet Fortios

Timeline

PublishedSep 12

Latest updateMay 17

Description

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2.0 through 5.2.11 and 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via the "Groups" input while creating or editing User Groups.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶NVDfortinet/fortios17 versions+16

▶CVEListV5fortinet_inc/fortinet_fortiosFortiOS versions 5.2.0 through 5.2.11, and 5.4.0 through 5.4.4

🔴Vulnerability Details

GHSA

GHSA-cj2m-xh7j-q94r: A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5↗2022-05-17

▶

CVEList

CVE-2017-7735: A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5↗2017-09-12

▶

📋Vendor Advisories

Fortinet

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 allows attackers to execute unauth...↗2017-09-12

▶