CVE-2016-3978
MEDIUM | NUCLEI
FortiOS 5.0.x < 5.0.13, 5.2.x < 5.2.3, 5.4.x < 5.4.0 - Cross-Site Scripting via Login Redirect Parameter
Title source: llm
Exploitation Summary
CVE-2016-3978 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
The Web User Interface (WebUI) in FortiOS 5.0.x before 5.0.13, 5.2.x before 5.2.3, and 5.4.x before 5.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting (XSS) attacks via the "redirect" parameter to "login."
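The two halves of the bug described above (an unvalidated "redirect" parameter that is either honoured as a Location target or echoed into the login page) can be checked and fixed with the same small piece of code. The block below is an added example, not code from the advisory, Fortinet or the Nuclei template: it classifies constructed sample responses to a probe of the redirect parameter as open redirect, reflected XSS or clean, and shows the validation a login handler should apply before following the parameter. The "/login" path, the "redirect" parameter name, the canary host and the canary marker are assumptions for illustration.

```python
"""Added example (not part of the advisory): detection and hardening for a
login "redirect" parameter. All responses below are constructed samples."""
import html
from urllib.parse import quote, urlsplit, urlunsplit

# Assumptions: canary host and marker we would send in the redirect parameter.
PROBE_HOST = "attacker.example"
REDIRECT_PROBE = f"https://{PROBE_HOST}/x"   # tests open redirect
XSS_PROBE = '"><canary>'                       # tests unescaped reflection


def build_probe_url(base, probe):
    """Request that would be sent, e.g. https://fw/login?redirect=<probe>."""
    return f"{base.rstrip('/')}/login?redirect={quote(probe, safe='')}"


def classify_response(status, headers, body):
    """Return 'open-redirect', 'reflected-xss' or None for one HTTP response."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    location = hdrs.get("location", "")
    if 300 <= status < 400 and location:
        host = (urlsplit(location).hostname or "").lower()
        # The server forwarded the browser to the host we supplied unvalidated.
        if host == PROBE_HOST:
            return "open-redirect"
    # Marker present verbatim (with its quote and angle brackets) in an HTML
    # body: the parameter was reflected without escaping.
    if status == 200 and XSS_PROBE in body:
        return "reflected-xss"
    return None


def safe_redirect_target(raw, default="/"):
    """Hardened check: only same-origin, path-relative targets are honoured.

    Rejects absolute URLs of any scheme (including javascript:), scheme-relative
    //host targets, and backslash variants that browsers normalise to slashes.
    """
    if not raw:
        return default
    candidate = raw.replace("\\", "/")
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:
        return default
    if not candidate.startswith("/") or candidate.startswith("//"):
        return default
    # Rebuild from path and query only, dropping fragment and anything odd.
    return urlunsplit(("", "", parts.path, parts.query, ""))


# Constructed sample responses (not real captures) for the same probe request
# against a vulnerable build and a fixed one.
SAMPLES = {
    "vulnerable-redirect": (302, {"Location": REDIRECT_PROBE}, ""),
    "vulnerable-xss": (200, {"Content-Type": "text/html"},
                       f'<input name="redirect" value="{XSS_PROBE}">'),
    "fixed-escaped": (200, {"Content-Type": "text/html"},
                      f'<input name="redirect" value="{html.escape(XSS_PROBE, quote=True)}">'),
    "fixed-redirect": (302, {"Location": safe_redirect_target(REDIRECT_PROBE)}, ""),
}


def scan_samples():
    """Classify every sample; vulnerable ones are flagged, fixed ones are None."""
    return {name: classify_response(*resp) for name, resp in SAMPLES.items()}


if __name__ == "__main__":
    print(build_probe_url("https://firewall.example:10443", REDIRECT_PROBE))
    for name, verdict in scan_samples().items():
        print(f"{name:20s} -> {verdict}")
```

The detector only trusts a canary host it chose itself, so a device that always redirects to "/" (the fixed-redirect sample) is not flagged; the validator rejects anything that parses with a scheme or authority, which covers "//evil.example" and "/\\evil.example" as well as "javascript:" targets.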
Nuclei Templates (1)
Fortinet FortiOS - Open Redirect/Cross-Site Scripting
MEDIUM by 0x_Akoko
Shodan:
http.html:"/remote/login" "xxxxxxxx" || http.favicon.hash:945408572 || cpe:"cpe:2.3:o:fortinet:fortios" || port:10443 http.favicon.hash:945408572
FOFA:
body="/remote/login" "xxxxxxxx" || icon_hash=945408572
References (3)
Third Party Advisory, VDB Entry (sectrack): http://www.securitytracker.com/id/1035332
Vendor Advisory (confirm): http://www.fortiguard.com/advisory/fortios-open-redirect-vulnerability
Mailing List (fulldisc): http://seclists.org/fulldisclosure/2016/Mar/68
Scores
CVSS v3: 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Attack Vector: NETWORK
EPSS: 0.0544 (percentile 90.3%)
Details
CWE: CWE-79
Status: published
Products (17)
fortinet/fortios: 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, ... and 7 more
Published: Apr 08, 2016
Tracked Since: Feb 18, 2026