Cross-Site Scripting Vulnerability in Fortinet FortiAuthenticator
CVE-2018-9186

6.1MEDIUM

Key Information:

Vendor

Fortinet
Status
Fortiauthenticator
Vendor
CVE Published:
31 May 2018

What is CVE-2018-9186?

A cross-site scripting vulnerability in Fortinet FortiAuthenticator enables attackers to execute arbitrary script code due to a failure in CSRF validation on the affected version's page. By manipulating the HTTP referer header, an attacker can inject malicious scripts, leading to potential unauthorized actions and data exposure.

Affected Version(s)

FortiAuthenticator below 5.3.0 versions

References

https://fortiguard.com/advisory/FG-IR-18-059
x_refsource_CONFIRM
http://www.securityfocus.com/bid/104371
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.