CVE-2017-7739 — Cross-site Scripting in INC Fortios
Severity
6.1MEDIUMNVD
EPSS
0.7%
top 27.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedNov 13
Latest updateMay 17
Description
A reflected Cross-site Scripting (XSS) vulnerability in web proxy disclaimer response web pages in Fortinet FortiOS 5.6.0, 5.4.0 to 5.4.5, 5.2.0 to 5.2.11 allows an unauthenticated attacker to inject arbitrary web script or HTML in the context of the victim's browser via sending a maliciously crafted URL to the victim.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7
Affected Packages2 packages
▶CVEListV5fortinet_inc/fortios5.2.11, 5.2.10, 5.2.9, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.1, 5.4.0, 5.6.0+2
🔴Vulnerability Details
2GHSA▶
GHSA-w98v-r22j-8p88: A reflected Cross-site Scripting (XSS) vulnerability in web proxy disclaimer response web pages in Fortinet FortiOS 5↗2022-05-17
CVEList▶
CVE-2017-7739: A reflected Cross-site Scripting (XSS) vulnerability in web proxy disclaimer response web pages in Fortinet FortiOS 5↗2017-11-13
📋Vendor Advisories
1Fortinet▶
A reflected Cross-site Scripting (XSS) vulnerability in web proxy disclaimer response web pages in Fortinet FortiOS 5.6...↗2017-11-13