vulnerability

Fortinet FortiAnalyzer: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CVE-2017-17541)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:P/A:N)	Jul 16, 2018	Nov 28, 2019	Nov 28, 2019

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

Jul 16, 2018

Added

Nov 28, 2019

Modified

Nov 28, 2019

Description

A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature.

Solution

fortinet-fortianalyzer-upgrade-latest

References

CVE-2017-17541
https://attackerkb.com/topics/CVE-2017-17541
URL-http://www.securitytracker.com/id/1041246
URL-http://www.securitytracker.com/id/1041247
URL-https://fortiguard.com/advisory/FG-IR-17-305

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today