Cross-Site Scripting Vulnerability in Fortinet FortiAuthenticator
CVE-2018-9186

6.1MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortiauthenticator
Vendor: CVE Published:; 31 May 2018

Summary

A cross-site scripting vulnerability in Fortinet FortiAuthenticator enables attackers to execute arbitrary script code due to a failure in CSRF validation on the affected version's page. By manipulating the HTTP referer header, an attacker can inject malicious scripts, leading to potential unauthorized actions and data exposure.

Affected Version(s)

FortiAuthenticator below 5.3.0 versions

References

https://fortiguard.com/advisory/FG-IR-18-059

x_refsource_CONFIRM

http://www.securityfocus.com/bid/104371

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
May 31, 2018
Vulnerability Reserved
Apr 2, 2018