CVE-2017-3131

MEDIUM NUCLEI

Fortinet FortiOS - XSS

Title source: rule

Description

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allows attackers to execute unauthorized code or commands via the filter input in "Applications" under FortiView.

Exploits (1)

exploitdb WORKING POC VERIFIED
by patryk_bogdan · text · webapps · hardware
https://www.exploit-db.com/exploits/42388

Nuclei Templates (1)

FortiOS 5.4.0 to 5.6.0 - Cross-Site Scripting
MEDIUM · by ritikchaddha
Shodan: http.html:"/remote/login" "xxxxxxxx" || http.favicon.hash:945408572 || cpe:"cpe:2.3:o:fortinet:fortios"

Scores

CVSS v3 5.4
EPSS 0.1148
EPSS Percentile 93.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (7)
fortinet/fortios 5.4.0
fortinet/fortios 5.4.1
fortinet/fortios 5.4.2
fortinet/fortios 5.4.3
fortinet/fortios 5.4.4
fortinet/fortios 5.6.0
Fortinet, Inc./Fortinet FortiOS FortiOS versions 5.4.0 through 5.4.4 and 5.6.0
Published Sep 12, 2017
Tracked Since Feb 18, 2026