CVE-2014-8617: XSS
First published: Wed Mar 04 2015(Updated: )
Cross-site scripting (XSS) vulnerability in the Web Action Quarantine Release feature in the WebGUI in Fortinet FortiMail before 4.3.9, 5.0.x before 5.0.8, 5.1.x before 5.1.5, and 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via the release parameter to module/releasecontrol.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet Fortimail-200d | <=4.3.8 | |
| Fortinet Fortimail-200d | =5.0 | |
| Fortinet Fortimail-200d | =5.0.1 | |
| Fortinet Fortimail-200d | =5.0.2 | |
| Fortinet Fortimail-200d | =5.0.3 | |
| Fortinet Fortimail-200d | =5.0.4 | |
| Fortinet Fortimail-200d | =5.0.5 | |
| Fortinet Fortimail-200d | =5.0.6 | |
| Fortinet Fortimail-200d | =5.0.7 | |
| Fortinet Fortimail-200d | =5.1 | |
| Fortinet Fortimail-200d | =5.1.1 | |
| Fortinet Fortimail-200d | =5.1.2 | |
| Fortinet Fortimail-200d | =5.1.3 | |
| Fortinet Fortimail-200d | =5.1.4 | |
| Fortinet Fortimail-200d | =5.2 | |
| Fortinet Fortimail-200d | =5.2.1 | |
| Fortinet Fortimail-200d | =5.2.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-8617?
CVE-2014-8617 is classified as a medium severity vulnerability due to its potential for exploitation through cross-site scripting.
How do I fix CVE-2014-8617?
To address CVE-2014-8617, it is recommended to upgrade Fortinet FortiMail to versions 4.3.9, 5.0.8, 5.1.5, or 5.2.3 or later.
What are the affected versions of Fortinet FortiMail for CVE-2014-8617?
CVE-2014-8617 affects Fortinet FortiMail versions prior to 4.3.9, all versions of 5.0.x before 5.0.8, 5.1.x before 5.1.5, and 5.2.x before 5.2.3.
What type of vulnerability is CVE-2014-8617?
CVE-2014-8617 is a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web scripts or HTML.
Who can be affected by CVE-2014-8617?
Users of Fortinet FortiMail who are running the vulnerable versions may be at risk of exploitation by attackers leveraging the XSS vulnerability.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/last-modified-date
- agent/author
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- vendor/fortinet
- canonical/fortinet fortimail-200d
- version/fortinet fortimail-200d/4.3.8
- version/fortinet fortimail-200d/5.0
- version/fortinet fortimail-200d/5.0.1
- version/fortinet fortimail-200d/5.0.2
- version/fortinet fortimail-200d/5.0.3
- version/fortinet fortimail-200d/5.0.4
- version/fortinet fortimail-200d/5.0.5
- version/fortinet fortimail-200d/5.0.6
- version/fortinet fortimail-200d/5.0.7
- version/fortinet fortimail-200d/5.1
- version/fortinet fortimail-200d/5.1.1
- version/fortinet fortimail-200d/5.1.2
- version/fortinet fortimail-200d/5.1.3
- version/fortinet fortimail-200d/5.1.4
- version/fortinet fortimail-200d/5.2
- version/fortinet fortimail-200d/5.2.1
- version/fortinet fortimail-200d/5.2.2