CVE-2017-17541: XSS
First published: Mon Jul 16 2018(Updated: )
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet Fortianalyzer Firmware | <=5.6.4 | |
| Fortinet Fortianalyzer Firmware | =6.0.0 | |
| Fortinet Fortimanager Firmware | <=5.6.4 | |
| Fortinet Fortimanager Firmware | =6.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/references
- agent/weakness
- agent/author
- agent/tags
- agent/severity
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/fortinet
- canonical/fortinet fortianalyzer firmware
- version/fortinet fortianalyzer firmware/5.6.4
- version/fortinet fortianalyzer firmware/6.0.0
- canonical/fortinet fortimanager firmware
- version/fortinet fortimanager firmware/5.6.4
- version/fortinet fortimanager firmware/6.0.0