CVE-2015-3626
FortiOS < 5.2.4 - Cross-Site Scripting via DHCP Monitor Page Hostname
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in the DHCP Monitor page in the Web User Interface (WebUI) in Fortinet FortiOS before 5.2.4 on FortiGate devices allows remote attackers to inject arbitrary web script or HTML via a crafted hostname.
References (4)
Core 4
Core References
Vendor Advisory x_refsource_confirm
http://www.fortiguard.com/advisory/FG-IR-15-018/
Vendor Advisory x_refsource_confirm
http://www.fortiguard.com/advisory/dhcp-hostname-html-injection
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1033144
Vendor Advisory x_refsource_confirm
http://fortiguard.com/advisory/dhcp-hostname-html-injection
Scores
EPSS
0.0029
EPSS Percentile
52.0%
Details
CWE
CWE-79
Status
published
Products (1)
fortinet/fortios
< 5.2.3
Published
Aug 11, 2015
Tracked Since
Feb 18, 2026