Lucene search
FortinetCVELIST:CVE-2017-14186HistoryNov 23, 2017 - 12:00 a.m.
CVE-2017-14186
2017-11-2300:00:00
fortinet
www.cve.org
0.029 Low
EPSS
Percentile
90.9%
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions under SSL VPN web portal allows a remote user to inject arbitrary web script or HTML in the context of the victim’s browser via the login redir parameter. An URL Redirection attack may also be feasible by injecting an external URL via the affected parameter.
CNA Affected
[
{
"product": "FortiOS",
"vendor": "Fortinet, Inc.",
"versions": [
{
"status": "affected",
"version": "5.6.0 to 5.6.2"
},
{
"status": "affected",
"version": "5.4.0 to 5.4.6"
},
{
"status": "affected",
"version": "5.2.0 to 5.2.12"
},
{
"status": "affected",
"version": "5.0 and below"
}
]
}
]Related
packetstorm
packetstorm
FortiGate SSL VPN Portal 5.x Cross Site Scripting
2017-12-04 00:00:00
checkpoint_advisories
checkpoint_advisories
Fortinet FortiOS Cross-Site Scripting (CVE-2017-14186)
2020-09-16 00:00:00
cve
cve
CVE-2017-14186
2017-11-29 19:29:00
nessus
nessus
prion
prion
Cross site scripting
2017-11-29 19:29:00
zdt
zdt
FortiGate SSL VPN Portal 5.x Cross Site Scripting Vulnerability
2017-12-04 00:00:00
nvd
nvd
CVE-2017-14186
2017-11-29 19:29:00
nuclei
nuclei
FortiGate FortiOS SSL VPN Web Portal - Cross-Site Scripting
2022-09-21 13:42:02
fortinet
fortinet
Protect
2019-05-24 00:00:00