CVE-2018-9186: XSS
First published: Thu May 31 2018(Updated: )
A cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator in versions 4.0.0 to before 5.3.0 "CSRF validation failure" page allows attacker to execute unauthorized script code via inject malicious scripts in HTTP referer header.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiAuthenticator | >=4.0.0<5.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator?
The vulnerability ID is CVE-2018-9186.
What is the severity of CVE-2018-9186?
The severity of CVE-2018-9186 is medium with a CVSS score of 6.1.
Which versions of Fortinet FortiAuthenticator are affected by CVE-2018-9186?
Versions 4.0.0 to before 5.3.0 of Fortinet FortiAuthenticator are affected by CVE-2018-9186.
How does CVE-2018-9186 work?
CVE-2018-9186 allows an attacker to execute unauthorized script code by injecting malicious scripts in the HTTP referer header and exploiting a CSRF validation failure page.
Are there any available references for CVE-2018-9186?
Yes, you can find more information about CVE-2018-9186 at the following references: [http://www.securityfocus.com/bid/104371](http://www.securityfocus.com/bid/104371) and [https://fortiguard.com/advisory/FG-IR-18-059](https://fortiguard.com/advisory/FG-IR-18-059).
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/event
- agent/weakness
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/fortinet
- canonical/fortinet fortiauthenticator
- version/fortinet fortiauthenticator/4.0.0