CVE-2017-7339

MEDIUM

Fortinet FortiPortal <4.0.0 - XSS

Title source: llm

Description

A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the 'Name' and 'Description' inputs in the 'Add Revision Backup' functionality.

References (1)

[Vendor Advisory] https://fortiguard.com/psirt/FG-IR-17-114

Scores

CVSS v3 6.1

EPSS 0.0030

EPSS Percentile 53.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (2)

fortinet/fortiportal < 4.0.0

Fortinet, Inc./Fortinet FortiPortal < FortiPortal versions 4.0.0 and below

Published May 27, 2017

Tracked Since Feb 18, 2026