CVE-2013-1471

Fortinet Fortimail < 4.0 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in admin/FEAdmin.html in Fortinet FortiMail before 4.3.4 on FortiMail Identity-Based Encryption (IBE) appliances allow user-assisted remote attackers to inject arbitrary web script or HTML via (1) the Add field for the Black List under Antispam Management User Preferences or (2) the User name field for the Personal Black/White List in the AntiSpam section.

Exploits (1)

exploitdb WRITEUP

by Vulnerability-Lab · textwebappshardware

https://www.exploit-db.com/exploits/24435

View Code ZIP pw:eip

References (3)

[Vendor Advisory] http://www.fortiguard.com/advisory/FG-IR-013-001.html

[Various Sources] http://www.vulnerability-lab.com/get_content.php?id=701

[Exploit] http://www.youtube.com/watch?v=5d7cIaM80oY

Scores

EPSS 0.0490

EPSS Percentile 89.5%

Details

CWE

CWE-79

Status published

Products (9)

fortinet/fortimail < 4.0

fortinet/fortimail

fortinet/fortimail

fortinet/fortimail

fortinet/fortimail

fortinet/fortimail

fortinet/fortimail

fortinet/fortimail

n/a/n/a

Published Feb 04, 2013

Tracked Since Feb 18, 2026