CVE-2017-14190
MEDIUMFortiOS < 5.2.0 - Cross-Site Scripting via Host Header
Title source: llmDescription
A Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.7, 5.2 and earlier, allows attacker to inject arbitrary web script or HTML via maliciously crafted "Host" header in user HTTP requests.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1040284
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/102779
Mitigation, Vendor Advisory x_refsource_confirm
https://fortiguard.com/advisory/FG-IR-17-262
Scores
CVSS v3
6.1
EPSS
0.0039
EPSS Percentile
60.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (1)
fortinet/fortios
< 5.2.0
Published
Jan 29, 2018
Tracked Since
Feb 18, 2026