A Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.7, 5.2 and earlier, allows attacker to inject arbitrary web script or HTML via maliciously crafted "Host" header in user HTTP requests.

Metrics

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Vendors Products
Fortinet
  • Fortios

Configuration 1 [-]

OR cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*

No data.

References
Link Providers
http://www.securityfocus.com/bid/102779 cve-icon cve-icon
http://www.securitytracker.com/id/1040284 cve-icon cve-icon
https://fortiguard.com/advisory/FG-IR-17-262 cve-icon cve-icon
History

Fri, 25 Oct 2024 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}
cve-icon MITRE

Status: PUBLISHED

Assigner: fortinet

Published: 2018-01-29T16:00:00Z

Updated: 2024-10-25T14:10:07.889Z

Reserved: 2017-09-07T00:00:00

Link: CVE-2017-14190

cve-icon Vulnrichment

Updated: 2024-08-05T19:20:41.098Z

cve-icon NVD

Status : Modified

Published: 2018-01-29T16:29:00.230

Modified: 2024-11-21T03:12:19.707

Link: CVE-2017-14190

cve-icon Redhat

No data.