CVE-2017-3127

MEDIUM

Fortinet Fortios - XSS

Title source: rule

Description

A Cross-Site Scripting vulnerability in Fortinet FortiGate 5.2.0 through 5.2.10 allows attacker to execute unauthorized code or commands via the srcintf parameter during Firewall Policy Creation.

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/98048

[Vendor Advisory] https://fortiguard.com/psirt/FG-IR-17-017

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1038367

Scores

CVSS v3 6.1

EPSS 0.0031

EPSS Percentile 54.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (12)

fortinet/fortios

... and 2 more

Published Jun 01, 2017

Tracked Since Feb 18, 2026