CVE-2018-9186Cross-site Scripting in Fortinet Fortiauthenticator

CWE-79Cross-site Scripting4 documents4 sources
Severity
6.1MEDIUMNVD
EPSS
0.3%
top 50.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet FortiauthenticatorFortinet INC Fortiauthenticator
Timeline
PublishedMay 31
Latest updateMay 14

Description

A cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator in versions 4.0.0 to before 5.3.0 "CSRF validation failure" page allows attacker to execute unauthorized script code via inject malicious scripts in HTTP referer header.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

NVDfortinet/fortiauthenticator4.0.05.3.0
CVEListV5fortinet_inc/fortiauthenticatorbelow 5.3.0 versions

🔴Vulnerability Details

2
GHSA
GHSA-46pc-6g7g-6hw8: A cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator in versions 42022-05-14
CVEList
CVE-2018-9186: A cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator in versions 42018-05-31

📋Vendor Advisories

1
Fortinet
A cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator in versions 4.0.0 to before 5.3.0 "CSRF valida...2018-05-31
CVE-2018-9186 — Cross-site Scripting in Fortinet | cvebase