exploitDog

CVE-2012-6346

Опубликовано: 09 фев. 2018

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in FortiWeb before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) redir or (2) mkey parameter to waf/pcre_expression/validate.

Ссылки

https://fortiguard.com/psirt/FG-IR-012-008
Vendor Advisory
https://www.vulnerability-lab.com/get_content.php?id=702
Third Party Advisory
https://fortiguard.com/psirt/FG-IR-012-008
Vendor Advisory
https://www.vulnerability-lab.com/get_content.php?id=702
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*

Версия до 4.4.4 (исключая)

EPSS

Процентиль: 49%

0.0026

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-qfq4-hgm7-w9m6

CVSS3: 6.1

github

больше 3 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in FortiWeb before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) redir or (2) mkey parameter to waf/pcre_expression/validate.

EPSS

Процентиль: 49%

0.0026

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79