header-logo
Suggest Exploit
vendor:
FortiGate Firewall
by:
SecurityFocus
7,5
CVSS
HIGH
Cross-Site Scripting
79
CWE
Product Name: FortiGate Firewall
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Multiple Cross-Site Scripting Vulnerabilities in FortiGate Firewall

Multiple cross-site scripting vulnerabilities have been reported in the FortiGate Firewall web administrative interface. These issues could be exploited by enticing an administrative user to follow a malicious link that includes hostile HTML and script code as values for URI parameters. If such a link is followed, the hostile code may be rendered in the administrator's browser. This could lead to theft of cookie-based authentication credentials, which contain the username and MD5 hash of the password, allowing for full compromise of the firewall.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in web applications.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/9033/info

Multiple cross-site scripting vulnerabilities have been reported in the FortiGate Firewall web administrative interface.

These issues could be exploited by enticing an administrative user to follow a malicious link that includes hostile HTML and script code as values for URI parameters. If such a link is followed, the hostile code may be rendered in the administrator's browser. This could lead to theft of cookie-based authentication credentials, which contain the username and MD5 hash of the password, allowing for full compromise of the firewall. 

https://www.example.com/firewall/policy/dlg?q=-1&fzone=t<script>alert('oops')</script>>&tzone=dmz

Navigation

Suggest Exploit

Services By CQR