PT-2013-3153 · Fortinet · Fortimail

Benjamin Kunz Mejri

Published

2013-02-04

Updated

2013-02-08

CVE-2013-1471

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Fortinet FortiMail versions prior to 4.3.4

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow user-assisted remote attackers to inject arbitrary web script or HTML. The vulnerabilities can be exploited via the Add field for the Black List under Antispam Management User Preferences or the User name field for the Personal Black/White List in the AntiSpam section.

Recommendations For Fortinet FortiMail versions prior to 4.3.4, update to version 4.3.4 or later to resolve the issue. As a temporary workaround, consider restricting user input in the Add field for the Black List and the User name field for the Personal Black/White List to minimize the risk of exploitation.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2013-1471

Affected Products

Fortimail

PT-2013-3153 · Fortinet · Fortimail

CVE-2013-1471

Weakness Enumeration

Related Identifiers

Affected Products

References · 5