CVE-2017-14186
Published: Nov 29, 2017
Modified: Oct 25, 2024
PUBLISHED
Description
A cross-site scripting (XSS) vulnerability in the SSL VPN web portal of Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, and 5.4 and below allows a remote user to inject arbitrary web script or HTML in the context of the victim's browser via the login redir parameter. A URL redirection attack may also be feasible by injecting an external URL via the affected parameter.
| Vendor | Product | Versions |
|---|---|---|
| Fortinet, Inc. | FortiOS | affected 5.6.0 to 5.6.2; affected 5.4.0 to 5.4.6; affected 5.2.0 to 5.2.12; affected 5.0 and below |
References
1039891 (vdb-entry, x_refsource_SECTRACK)
101955 (vdb-entry, x_refsource_BID)
https://fortiguard.com/advisory/FG-IR-17-242 (x_refsource_CONFIRM)