CVE-2013-1471
FortiMail < 4.3.4 - Stored Cross-Site Scripting via Black List or Personal Black/White List
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2013-1471. PoCs published by Vulnerability-Lab.
AI-analyzed exploit summary The document describes multiple web vulnerabilities in Fortinet FortiMail 400 IBE, including XSS via exception-handling bypass and persistent XSS in certificate uploads. It provides detailed PoC examples but lacks executable exploit code.
Description
Multiple cross-site scripting (XSS) vulnerabilities in admin/FEAdmin.html in Fortinet FortiMail before 4.3.4 on FortiMail Identity-Based Encryption (IBE) appliances allow user-assisted remote attackers to inject arbitrary web script or HTML via (1) the Add field for the Black List under Antispam Management User Preferences or (2) the User name field for the Personal Black/White List in the AntiSpam section.
Exploits (1)
The document describes multiple web vulnerabilities in Fortinet FortiMail 400 IBE, including XSS via exception-handling bypass and persistent XSS in certificate uploads. It provides detailed PoC examples but lacks executable exploit code.