CVE-2017-14186

CVE-2017-14186

A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.6, 5.2.0 to 5.2.12, 5.0 and below versions under SSL VPN web portal allows an authenticated user to inject arbitrary web script or HTML in the context of the victim’s browser via the login redir parameter. An URL Redirection attack may also be feasible by injecting an external URL via the affected parameter.

Source: CVE-2017-14186

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다