Cross-Site Scripting Vulnerability in Fortinet FortiWLC
CVE-2017-7335

5.4MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortiwlc
Vendor: CVE Published:; 26 October 2017

What is CVE-2017-7335?

Fortinet FortiWLC introduces a Cross-Site Scripting vulnerability due to the improper handling of HTTP POST request parameters. Authenticated users can exploit this weakness by injecting malicious web scripts or HTML through the 'refresh' and 'branchtotable' parameters. This flaw can lead to significant security risks including unauthorized access and data manipulation.

References

http://www.securityfocus.com/bid/101287

vdb-entryx_refsource_BID

https://fortiguard.com/psirt/FG-IR-17-106

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 26, 2017
Vulnerability Reserved
Mar 30, 2017