CVE-2017-3130

An information disclosure vulnerability in Fortinet FortiOS 5.6.0, 5.4.4 and below versions allows attacker to get FortiOS version info by inspecting FortiOS IKE VendorID packets...

CVE-2017-3130

CVE-2017-3130 concerns Fortinet FortiOS information disclosure: FortiOS 5.6.0, 5.4.4 and earlier versions leak the FortiOS build/version by inspecting IKE VendorID packets. The vulnerability affects FortiOS IKE processing and can expose system version information without user interaction. Documen...

Fortinet FortiOS 5.2.x < 5.2.12 / 5.4.x < 5.4.6 / 5.6.x < 5.6.1 Multiple Vulnerabilities (FG-IR-17-104)

The version of Fortinet FortiOS running on the remote device is 5.2.x prior to 5.2.12, 5.4.x prior to 5.4.6, or 5.6.x prior to 5.6.1. It is, therefore, affected by multiple vulnerabilities including multiple cross-site scripting XSS vulnerabilities and a flaw in the support of Server Message Bloc...

Fortinet FortiOS Cross-Site Scripting Vulnerability (CNVD-2017-26261)

Fortinet FortiOS is the United States Fita Fortinet company developed a set of dedicated to FortiGate network security platform on the security operating system. A cross-site scripting vulnerability exists in Fortinet FortiOS. A remote attacker could exploit this vulnerability to execute arbitrar...

Fortinet FortiOS Cross-Site Scripting Vulnerability (CNVD-2017-26262)

Fortinet FortiOS is the United States Fita Fortinet company developed a set of dedicated to FortiGate network security platform on the security operating system. A cross-site scripting vulnerability exists in Fortinet FortiOS. A remote attacker could exploit this vulnerability to execute arbitrar...

Fortinet FortiOS Cross-Site Scripting Vulnerability (CNVD-2017-26263)

Fortinet FortiOS is the United States Fita Fortinet company developed a set of dedicated to FortiGate network security platform on the security operating system. A cross-site scripting vulnerability exists in Fortinet FortiOS. A remote attacker could exploit this vulnerability to execute arbitrar...

FortiOS 5.6.0 Cross Site Scripting

Title: FortiOS = 5.6.0 Multiple XSS Vulnerabilities Vendor: Fortinet www.fortinet.com CVE: CVE-2017-3131, CVE-2017-3132, CVE-2017-3133 Date: 28.07.2016 Author: Patryk Bogdan @patrykbogdan Affected FortiNet products: CVE-2017-3131 : FortiOS versions 5.4.0 to 5.6.0 CVE-2017-3132 : FortiOS versions...

FortiOS < 5.6.0 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Title: FortiOS = 5.6.0 Multiple XSS Vulnerabilities Vendor: Fortinet www.fortinet.com CVE: CVE-2017-3131, CVE-2017-3132, CVE-2017-3133 Date: 28.07.2016 Author: Patryk Bogdan @patrykbogdan Affected FortiNet products: CVE-2017-3131 : FortiOS...

FortiOS 5.6.0 - Cross-Site Scripting

FortiOS 5.6.0 - Cross-Site Scripting Title: FortiOS = 5.6.0 Multiple XSS Vulnerabilities Vendor: Fortinet www.fortinet.com CVE: CVE-2017-3131, CVE-2017-3132, CVE-2017-3133 Date: 28.07.2016 Author: Patryk Bogdan @patrykbogdan Affected FortiNet products: CVE-2017-3131 : FortiOS versions 5.4.0 to...

FortiOS XSS vulnerabilities via FortiView Application filter, FortiToken activation & SSL VPN Replacement Messages

Three XSS vulnerabilities...

Fortinet FortiOS 5.2.x / 5.3.x / 5.4.x < 5.4.5 Multiple XSS (FG-IR-17-127)

The version of Fortinet FortiOS running on the remote device is 5.2.x, 5.3.x, or 5.4.x prior to 5.4.4. It is, therefore, affected by multiple cross-site scripting XSS vulnerabilities : - A cross-site scripting XSS vulnerability exists when saving configuration revisions due to improper validation...

Fortinet FortiOS Cross-Site Scripting Vulnerability (CNVD-2017-11806)

Fortinet FortiOS is a set of security operating system developed by the U.S. Fiat Fortinet company dedicated to FortiGate network security platform. The system provides users with firewall, antivirus, IPSec/SSL VPN, Web content filtering and anti-spam and other security features. A cross-site...

Fortinet FortiOS Cross-Site Scripting Vulnerability (CNVD-2017-11805)

Fortinet FortiOS is a set of security operating system developed by the U.S. Fiat Fortinet company dedicated to FortiGate network security platform. The system provides users with firewall, antivirus, IPSec/SSL VPN, Web content filtering and anti-spam and other security features. A cross-site...

FortiOS XSS vulnerabilities via User Groups & Config Revision Comments

Two XSS vulnerabilities were reported to us affecting FortiOS that can be exploited to load and run a remote malicious Javascript in a logged in browser...

Fortinet FortiOS 5.0.x / 5.2.x < 5.2.11 'global-label' Parameter XSS (FG-IR-17-057)

The version of Fortinet FortiOS running on the remote device is 5.0.x or 5.2.x prior to 5.2.11. It is, therefore, affected by a stored cross-site scripting XSS vulnerability due to improper validation of user-supplied input to the 'global-label' parameter. An authenticated, remote attacker can...

Cross site scripting

A stored XSS Cross-Site-Scripting vulnerability in Fortinet FortiOS allows attackers to execute unauthorized code or commands via the policy global-label parameter...

CVE-2017-3128

A stored XSS Cross-Site-Scripting vulnerability in Fortinet FortiOS allows attackers to execute unauthorized code or commands via the policy global-label parameter...

CVE-2017-3128

A stored XSS Cross-Site-Scripting vulnerability in Fortinet FortiOS allows attackers to execute unauthorized code or commands via the policy global-label parameter...

CVE-2017-3128

A stored XSS Cross-Site-Scripting vulnerability in Fortinet FortiOS allows attackers to execute unauthorized code or commands via the policy global-label parameter...

CVE-2017-3128

Fortinet FortiOS is affected by a stored XSS vulnerability in the policy global-label parameter. Root cause: improper validation of user-supplied input. Affected versions are FortiOS 5.0.x and 5.2.x prior to 5.2.11. Exploitation requires authentication and privileges; an attacker with write privi...