CVE-2017-7340

6.1MEDIUM

Key Information:

Vendor
Fortinet
Status
Fortinet Fortiportal
Vendor
CVE Published:
25 March 2019

Summary

A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the applicationSearch parameter in the FortiView functionality.

Affected Version(s)

Fortinet FortiPortal 4.0.0 and below

References

https://fortiguard.com/psirt/FG-IR-17-114
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.