CVE-2018-9186

6.1MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortiauthenticator
Vendor: CVE Published:; 31 May 2018

Summary

A cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator in versions 4.0.0 to before 5.3.0 "CSRF validation failure" page allows attacker to execute unauthorized script code via inject malicious scripts in HTTP referer header.

Affected Version(s)

FortiAuthenticator below 5.3.0 versions

References

https://fortiguard.com/advisory/FG-IR-18-059

x_refsource_CONFIRM

http://www.securityfocus.com/bid/104371

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
May 31, 2018
Vulnerability Reserved
Apr 2, 2018