Lucene search

[email protected]NVD:CVE-2013-1471

HistoryFeb 04, 2013 - 7:55 p.m.

CVE-2013-1471

2013-02-0419:55:01

CWE-79

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.5%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in admin/FEAdmin.html in Fortinet FortiMail before 4.3.4 on FortiMail Identity-Based Encryption (IBE) appliances allow user-assisted remote attackers to inject arbitrary web script or HTML via (1) the Add field for the Black List under Antispam Management User Preferences or (2) the User name field for the Personal Black/White List in the AntiSpam section.

Affected configurations

NVD

Node

fortinetfortimailRange≤4.0mr3

fortinetfortimailMatch3.0mr2

fortinetfortimailMatch3.0mr3

fortinetfortimailMatch3.0mr4

fortinetfortimailMatch3.0mr5

fortinetfortimailMatch4.0

fortinetfortimailMatch4.0mr1

fortinetfortimailMatch4.0mr2

AND

fortinetfortimail-2000bMatch-

fortinetfortimail-200dMatch-

fortinetfortimail-400cMatch-

fortinetfortimail-5002bMatch-

fortinetfortimail-vm2000Match-

References

www.fortiguard.com/advisory/FG-IR-013-001.html

www.vulnerability-lab.com/get_content.php?id=701

www.youtube.com/watch?v=5d7cIaM80oY

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.5%

JSON

Related for NVD:CVE-2013-1471

cve1 cvelist1 nessus1 fortinet1 prion1