CVE-2017-3129

MEDIUM

Fortinet Fortiweb < 5.7.1 - XSS

Title source: rule

Description

A Cross-Site Scripting vulnerability in Fortinet FortiWeb versions 5.7.1 and below allows attacker to execute unauthorized code or commands via an improperly sanitized POST parameter in the FortiWeb Site Publisher feature.

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/98382

[Vendor Advisory] https://fortiguard.com/psirt/FG-IR-17-076

Scores

CVSS v3 6.1

EPSS 0.0027

EPSS Percentile 49.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (2)

fortinet/fortiweb < 5.7.1

Fortinet, Inc./Fortinet FortiWeb < FortiWeb versions 5.7.1 and below

Published May 27, 2017

Tracked Since Feb 18, 2026