CVE-2014-4738

FortiGuard FortiWeb <5.2.1 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in FortiGuard FortiWeb 5.0.x, 5.1.x, and 5.2.x before 5.2.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) user/ldap_user/check_dlg or (2) user/radius_user/check_dlg.

References (5)

[Third Party Advisory] http://secunia.com/advisories/59882

[Vendor Advisory] http://www.fortiguard.com/advisory/FG-IR-14-012/

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1030556

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/94649

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/68528

Scores

EPSS 0.0033

EPSS Percentile 55.6%

Details

CWE

CWE-79

Status published

Products (11)

fortinet/fortiweb

... and 1 more

Published Jul 11, 2014

Tracked Since Feb 18, 2026