CVE-2017-3127
MEDIUMFortiOS 5.2.0-5.2.10 - Cross-Site Scripting via srcintf Parameter
Title source: llmDescription
A Cross-Site Scripting vulnerability in Fortinet FortiGate 5.2.0 through 5.2.10 allows attacker to execute unauthorized code or commands via the srcintf parameter during Firewall Policy Creation.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/98048
Vendor Advisory x_refsource_confirm
https://fortiguard.com/psirt/FG-IR-17-017
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1038367
Scores
CVSS v3
6.1
EPSS
0.0031
EPSS Percentile
54.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (11)
fortinet/fortios
5.2.0
fortinet/fortios
5.2.1
fortinet/fortios
5.2.2
fortinet/fortios
5.2.3
fortinet/fortios
5.2.4
fortinet/fortios
5.2.5
fortinet/fortios
5.2.6
fortinet/fortios
5.2.7
fortinet/fortios
5.2.8
fortinet/fortios
5.2.9
... and 1 more
Published
Jun 01, 2017
Tracked Since
Feb 18, 2026