CVE-2017-7736 — Cross-site Scripting in Fortinet Fortiweb

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

5.4MEDIUMNVD

EPSS

0.2%

top 64.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortiweb Fortinet INC Fortinet Fortiweb

Timeline

PublishedNov 22

Latest updateMay 17

Description

A stored Cross-site Scripting (XSS) vulnerability in Fortinet FortiWeb webUI Certificate View page in 5.8.0, 5.7.1 and earlier, allows attackers to inject arbitrary web script or HTML via special crafted malicious certificate import.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶NVDfortinet/fortiweb5.7.1+1

▶CVEListV5fortinet_inc/fortinet_fortiwebFortiWeb 5.8.0, 5.7.1 and earlier

🔴Vulnerability Details

GHSA

GHSA-rwp4-gmh2-2rg6: A stored Cross-site Scripting (XSS) vulnerability in Fortinet FortiWeb webUI Certificate View page in 5↗2022-05-17

▶

CVEList

CVE-2017-7736: A stored Cross-site Scripting (XSS) vulnerability in Fortinet FortiWeb webUI Certificate View page in 5↗2017-11-22

▶

📋Vendor Advisories

Fortinet

A stored Cross-site Scripting (XSS) vulnerability in Fortinet FortiWeb webUI Certificate View page in 5.8.0, 5.7.1 and e...↗2017-11-22

▶

💬Community

Bugzilla

CVE-2017-18078 systemd: Unsafe handling of hard links allowing privilege escalation↗2018-01-29

▶