Cross-site Scripting Vulnerability in Fortinet FortiADC D Models
CVE-2014-8618

Currently unrated

Key Information:

Vendor: Fortinet
Status: Fortiadc Firmware; Fortiadc-1500d; Fortiadc-2000d; Fortiadc-200d
Vendor: CVE Published:; 12 May 2015

Summary

A cross-site scripting vulnerability exists in the theme login page of Fortinet FortiADC D models prior to version 4.2. This flaw allows remote attackers to execute arbitrary web scripts or HTML by exploiting unspecified vectors. As a result, attackers can potentially compromise user sessions, manipulate web content, and execute malicious code in the context of the users' browser, highlighting the need for timely patching and security best practices.

References

http://www.fortiguard.com/advisory/FG-IR-15-005/

x_refsource_CONFIRM

http://www.securitytracker.com/id/1032265

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
May 12, 2015
Vulnerability Reserved
Nov 4, 2014