vulnerability

Fortinet FortiOS: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CVE-2017-7739)

Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
Nov 13, 2017
Added
Feb 20, 2018
Modified
Mar 30, 2026

Description

A reflected Cross-site Scripting (XSS) vulnerability in web proxy disclaimer response web pages in Fortinet FortiOS 5.6.0, 5.4.0 to 5.4.5, 5.2.0 to 5.2.11 allows an unauthenticated attacker to inject arbitrary web script or HTML in the context of the victim's browser via sending a maliciously crafted URL to the victim.

Solution

fortios-upgrade-latest
Title
Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.