CVE-2017-3133

MEDIUM NUCLEI

Fortinet Fortios < 5.6.0 - XSS

Title source: rule

Description

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN.

Exploits (1)

exploitdb WORKING POC VERIFIED

by patryk_bogdan · textwebappshardware

https://www.exploit-db.com/exploits/42388

View Code ZIP pw:eip

Nuclei Templates (1)

Fortinet FortiOS < 5.6.0 - Cross-Site Scripting

MEDIUMby ritikchaddha

Shodan: http.html:"/remote/login" "xxxxxxxx" || http.favicon.hash:945408572 || cpe:"cpe:2.3:o:fortinet:fortios"

References (4)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/100009

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1039020

[Vendor Advisory] https://fortiguard.com/advisory/FG-IR-17-104

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/42388/

Scores

CVSS v3 6.1

EPSS 0.0869

EPSS Percentile 92.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (2)

fortinet/fortios < 5.6.0

Fortinet, Inc./Fortinet FortiOS FortiOS versions 5.6.0 and earlier

Published Sep 12, 2017

Tracked Since Feb 18, 2026