Cross-Site Scripting Vulnerability in Fortinet FortiPortal Software
CVE-2017-7339

6.1MEDIUM

Key Information:

Vendor

Fortinet
Status
Fortinet Fortiportal
Vendor
CVE Published:
27 May 2017

What is CVE-2017-7339?

A Cross-Site Scripting vulnerability exists in Fortinet FortiPortal versions 4.0.0 and earlier, enabling attackers to inject malicious scripts through input fields such as 'Name' and 'Description' during the 'Add Revision Backup' process. Successful exploitation allows unauthorized execution of scripts in the context of the user's session, potentially compromising sensitive data and user actions.

Affected Version(s)

Fortinet FortiPortal FortiPortal versions 4.0.0 and below

References

https://fortiguard.com/psirt/FG-IR-17-114
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.