CVE-2017-7736: XSS
First published: Wed Nov 22 2017(Updated: )
A stored Cross-site Scripting (XSS) vulnerability in Fortinet FortiWeb webUI Certificate View page in 5.8.0, 5.7.1 and earlier, allows attackers to inject arbitrary web script or HTML via special crafted malicious certificate import.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiWeb | <=5.7.1 | |
| Fortinet FortiWeb | =5.8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2017-7736?
CVE-2017-7736 is considered a medium severity vulnerability due to its potential impact on user sessions and data integrity.
How do I fix CVE-2017-7736?
To fix CVE-2017-7736, upgrade Fortinet FortiWeb to version 5.8.1 or later.
What types of systems are affected by CVE-2017-7736?
CVE-2017-7736 affects Fortinet FortiWeb versions up to and including 5.8.0 and 5.7.1.
What is stored Cross-site Scripting in the context of CVE-2017-7736?
Stored Cross-site Scripting in CVE-2017-7736 refers to an attack where malicious scripts are injected through the Certificate View page and stored in the application.
What potential impacts does CVE-2017-7736 have on users?
CVE-2017-7736 could allow attackers to execute arbitrary scripts in users' browsers, leading to session hijacking or data theft.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- agent/author
- agent/severity
- agent/weakness
- agent/tags
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- vendor/fortinet
- canonical/fortinet fortiweb
- version/fortinet fortiweb/5.7.1
- version/fortinet fortiweb/5.8.0