4/6/2019
25/10/2024
CVE-2018-13380: XSS
First published: Tue Jun 04 2019(Updated: )
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below and Fortinet FortiProxy 2.0.0, 1.2.8 and below under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters.
Credit: psirt@fortinet.com
Affected Software | Affected Version | How to fix |
---|
Fortinet FortiOS | <=5.2 | |
Fortinet FortiOS | >=5.4.0<=5.4.12 | |
Fortinet FortiOS | >=5.6.0<=5.6.7 | |
Fortinet FortiOS | >=6.0.0<=6.0.4 | |
Fortinet FortiProxy | <=1.2.8 | |
Fortinet FortiProxy | =2.0.0 | |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2018-13380?
CVE-2018-13380 is a Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS and Fortinet FortiProxy.
How does CVE-2018-13380 affect Fortinet FortiOS and Fortinet FortiProxy?
CVE-2018-13380 allows an attacker to execute unauthorized malicious script code via the error or message handling parameter in the SSL VPN web portal.
What versions of Fortinet FortiOS and Fortinet FortiProxy are affected by CVE-2018-13380?
Fortinet FortiOS versions 5.2 and below, 5.4.0 to 5.4.12, 5.6.0 to 5.6.7, and 6.0.0 to 6.0.4, as well as Fortinet FortiProxy versions 1.2.8 and below, and version 2.0.0 are affected.
What is the severity of CVE-2018-13380?
CVE-2018-13380 has a severity of medium, with a CVSS score of 6.1.
How can I fix CVE-2018-13380?
To fix CVE-2018-13380, update Fortinet FortiOS to version 6.0.5, 5.6.8, 5.4.13, or later, and update Fortinet FortiProxy to version 2.0.1 or later.
- agent/references
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/type
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/author
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/fortinet
- canonical/fortinet fortios
- version/fortinet fortios/5.2
- version/fortinet fortios/5.4.0
- version/fortinet fortios/5.4.12
- version/fortinet fortios/5.6.0
- version/fortinet fortios/5.6.7
- version/fortinet fortios/6.0.0
- version/fortinet fortios/6.0.4
- canonical/fortinet fortiproxy
- version/fortinet fortiproxy/1.2.8
- version/fortinet fortiproxy/2.0.0
Contact
SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.coBy using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203