CVE-2017-7339
MEDIUMFortinet FortiPortal < 4.0.0 - Cross-Site Scripting via Add Revision Backup Name and Description Inputs
Title source: llmDescription
A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the 'Name' and 'Description' inputs in the 'Add Revision Backup' functionality.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://fortiguard.com/psirt/FG-IR-17-114
Scores
CVSS v3
6.1
EPSS
0.0030
EPSS Percentile
53.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (2)
fortinet/fortiportal
< 4.0.0
Fortinet, Inc./Fortinet FortiPortal
FortiPortal versions 4.0.0 and below
Published
May 27, 2017
Tracked Since
Feb 18, 2026