A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below and Fortinet FortiProxy 2.0.0, 1.2.8 and below under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters.
References
| Link | Resource |
|---|---|
| https://fortiguard.com/advisory/FG-IR-18-383 | Mitigation Vendor Advisory |
| https://fortiguard.com/advisory/FG-IR-20-230 | Vendor Advisory |
| https://fortiguard.com/advisory/FG-IR-18-383 | Mitigation Vendor Advisory |
| https://fortiguard.com/advisory/FG-IR-20-230 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
21 Nov 2024, 03:46
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 4.7 |
| References | () https://fortiguard.com/advisory/FG-IR-18-383 - Mitigation, Vendor Advisory | |
| References | () https://fortiguard.com/advisory/FG-IR-20-230 - Vendor Advisory |
Information
Published : 2019-06-04 21:29
Updated : 2024-11-21 03:46
NVD link : CVE-2018-13380
Mitre link : CVE-2018-13380
CVE.ORG link : CVE-2018-13380
JSON object : View
Products Affected
fortinet
- fortiproxy
- fortios
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')