Home

CVE-2017-14186

Description

A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions under SSL VPN web portal allows a remote user to inject arbitrary web script or HTML in the context of the victims browser via the login redir parameter. An URL Redirection attack may also be feasible by injecting an external URL via the affected parameter.

Risk Information

Base Score
5.4
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
4.051

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2017-14185 ,CVE-2017-14186 ,CVE-2017-14187 ,CVE-2017-14190 are affected in fortios 5.6.2NCM
Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability (CVE-2017-14186)NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234