CVE-2017-7734
MEDIUM
Fortinet FortiOS 5.4.0-5.4.4 - Stored Cross-Site Scripting via Config Revisions Comments
Title source: llm
Description
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via 'Comments' while saving Config Revisions.
References (3)
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1038705
Mitigation, Vendor Advisory x_refsource_confirm
https://fortiguard.com/advisory/FG-IR-17-127
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/99098
Scores
CVSS v3
5.4
EPSS
0.0031
EPSS Percentile
53.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (6)
fortinet/fortios
5.4.0
fortinet/fortios
5.4.1
fortinet/fortios
5.4.2
fortinet/fortios
5.4.3
fortinet/fortios
5.4.4
Fortinet, Inc./Fortinet FortiOS
FortiOS versions 5.4.0 through 5.4.4
Published
Sep 12, 2017
Tracked Since
Feb 18, 2026