CVE-2014-0331

FortiADC <3.2.1 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the web administration interface in FortiADC with firmware before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the locale parameter to gui_partA/.

References (5)

[Exploit] http://seclists.org/fulldisclosure/2014/Apr/53

[Vendor Advisory] http://www.fortiguard.com/advisory/FG-IR-14-004

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1030018

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/66642

[Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/667340

Scores

EPSS 0.0037

EPSS Percentile 58.2%

Details

CWE

CWE-79

Status published

Products (10)

fortinet/fortiadc_firmware < 3.2.0

fortinet/fortiadc-1000e

fortinet/fortiadc-1500d

fortinet/fortiadc-2000d

fortinet/fortiadc-200d

fortinet/fortiadc-300e

fortinet/fortiadc-4000d

fortinet/fortiadc-400e

fortinet/fortiadc-600e

n/a/n/a

Published Apr 10, 2014

Tracked Since Feb 18, 2026