Описание
A reflected Cross-Site Scripting (XSS) vulnerability in Fortinet FortiMail 5.1 and earlier, 5.2.0 through 5.2.9, and 5.3.0 through 5.3.9 customized pre-authentication webmail login page allows attacker to inject arbitrary web script or HTML via crafted HTTP requests.
Ссылки
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:fortinet:fortimail:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:4.3.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:4.3.8:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:5.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:5.0.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:5.0.7:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:5.0.8:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:5.0.9:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:5.0.10:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:5.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:5.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:5.2.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:5.2.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:5.2.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:5.2.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:5.2.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:5.2.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:5.2.7:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:5.2.8:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:5.2.9:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:5.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:5.3.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:5.3.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:5.3.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:5.3.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:5.3.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:5.3.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:5.3.7:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:5.3.8:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimail:5.3.9:*:*:*:*:*:*:*
EPSS
Процентиль: 74%
0.00852
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
больше 3 лет назад
A reflected Cross-Site Scripting (XSS) vulnerability in Fortinet FortiMail 5.1 and earlier, 5.2.0 through 5.2.9, and 5.3.0 through 5.3.9 customized pre-authentication webmail login page allows attacker to inject arbitrary web script or HTML via crafted HTTP requests.
EPSS
Процентиль: 74%
0.00852
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79