CVE-2017-17541
Last modified
CVE-2017-17541 is a vulnerability of currently unknown severity. A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, and FortiAnalyzer 6.0.0, 5.6.4 and below versions, allows injection of JavaScript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature. EPSS estimates a 0.87% chance of exploitation in the next 30 days.
Description
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, and FortiAnalyzer 6.0.0, 5.6.4 and below versions, allows injection of JavaScript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | FortiAnalyzer Firmware | <= 5.6.4 |
| Fortinet | FortiAnalyzer Firmware | 6.0.0 |
| Fortinet | FortiManager Firmware | <= 5.6.4 |
| Fortinet | FortiManager Firmware | 6.0.0 |
References
- http://www.securitytracker.com/id/1041246 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1041247 (Third Party Advisory, VDB Entry)
- https://fortiguard.com/advisory/FG-IR-17-305 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
