CVE-2012-0941

Опубликовано: 08 фев. 2018

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiGate UTM WAF appliances with FortiOS 4.3.x before 4.3.6 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) Endpoint Monitor, (2) Dialup List, or (3) Log&Report Display modules, or the fields_sorted_opt parameter to (4) user/auth/list or (5) endpointcompliance/app_detect/predefined_sig_list.

Ссылки

http://packetstormsecurity.org/files/109168/VL-144.txt
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/51708
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/72761
VDB Entry
https://fortiguard.com/psirt/FG-IR-012-001
Vendor Advisory
https://securitytracker.com/id/1026594
Third Party Advisory
VDB Entry
https://www.vulnerability-lab.com/get_content.php?id=144
Exploit
Third Party Advisory
http://packetstormsecurity.org/files/109168/VL-144.txt
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/51708
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/72761
VDB Entry
https://fortiguard.com/psirt/FG-IR-012-001
Vendor Advisory
https://securitytracker.com/id/1026594
Third Party Advisory
VDB Entry
https://www.vulnerability-lab.com/get_content.php?id=144
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*

Версия от 4.3.0 (включая) до 4.3.6 (исключая)

EPSS

Процентиль: 75%

0.0086

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-x7j8-jprm-x8f3

CVSS3: 6.1

github

больше 3 лет назад

BDU:2018-01291

CVSS3: 6.1

fstec

около 14 лет назад

Уязвимость операционной системы FortiOS, вызванная недостаточной защитой структуры веб-страницы, позволяющая нарушителю внедрить произвольный JavaScript или HTML-код

EPSS

Процентиль: 75%

0.0086

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79