CVE-2017-3128

A stored XSS (Cross-Site-Scripting) vulnerability in Fortinet FortiOS allows attackers to execute unauthorized code or commands via the policy global-label parameter.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:fortinet:fortios:5.0.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.0.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.0.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.0.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.0.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.0.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.0.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.0.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.0.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.0.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.0.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.0.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.0.12:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.0.13:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.0.14:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.2.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.2.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.2.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.2.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.2.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.2.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.2.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.2.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.2.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.2.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:5.2.10:*:*:*:*:*:*:*

History

21 Nov 2024, 03:24

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/98514 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/98514 - Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id/1038541 - () http://www.securitytracker.com/id/1038541 -
References () https://fortiguard.com/psirt/FG-IR-17-057 - Vendor Advisory () https://fortiguard.com/psirt/FG-IR-17-057 - Vendor Advisory

Information

Published : 2017-05-23 17:29

Updated : 2024-11-21 03:24


NVD link : CVE-2017-3128

Mitre link : CVE-2017-3128

CVE.ORG link : CVE-2017-3128


JSON object : View

Products Affected

fortinet

  • fortios
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')