PT-2018-6529 · Fortinet · Fortianalyzer+1

Published: 2018-07-16 · Updated: 2018-09-12 · CVE-2017-17541

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: FortiManager versions 5.6.4 and below; FortiAnalyzer versions 5.6.4 and below
Description: A Cross-site Scripting (XSS) issue allows the injection of JavaScript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature.
Recommendations: For FortiManager versions 5.6.4 and below, update to a version above 5.6.4 to resolve the issue. For FortiAnalyzer versions 5.6.4 and below, update to a version above 5.6.4 to resolve the issue.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2017-17541

Affected Products

Fortianalyzer
Fortimanager