CVE-2018-13380

MEDIUM NUCLEI

Fortinet FortiOS < 5.2 - XSS

Title source: rule

Description

A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below and Fortinet FortiProxy 2.0.0, 1.2.8 and below under the SSL VPN web portal allows an attacker to execute unauthorized malicious script code via the error or message handling parameters.

Nuclei Templates (1)

Fortinet FortiOS - Cross-Site Scripting
MEDIUM by shelld3v, AaronChen0
Shodan: http.html:"/remote/login" "xxxxxxxx" || http.favicon.hash:945408572 || cpe:"cpe:2.3:o:fortinet:fortios" || port:10443 http.favicon.hash:945408572
FOFA: body="/remote/login" "xxxxxxxx" || icon_hash=945408572

Scores

CVSS v3 4.7
EPSS 0.2288
EPSS Percentile 95.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

Details

CWE
CWE-79
Status published
Products (3)
fortinet/fortios < 5.2
fortinet/fortiproxy 2.0.0
fortinet/fortiproxy < 1.2.8
Published Jun 04, 2019
Tracked Since Feb 18, 2026