CVE-2018-1351 — Cross-site Scripting in Fortinet Fortimanager

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

4.8MEDIUMNVD

EPSS

0.3%

top 46.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortimanager Fortinet INC Fortinet Fortimanager

Timeline

PublishedJun 28

Latest updateMay 13

Description

A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.6 and below versions allows attacker to execute HTML/javascript code via managed remote devices CLI commands by viewing the remote device CLI config installation log.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages2 packages

▶NVDfortinet/fortimanager6.0.0

▶CVEListV5fortinet_inc/fortinet_fortimanagerFortiManager 6.0.0 and below versions

🔴Vulnerability Details

GHSA

GHSA-522q-xfm6-22q6: A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6↗2022-05-13

▶

CVEList

CVE-2018-1351: A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6↗2018-06-28

▶

📋Vendor Advisories

Fortinet

A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.6 and below versions allows attacker to e...↗2018-06-28

▶