CVE-2018-9186
MEDIUM
Fortinet FortiAuthenticator 4.0.0-5.2.9 - Cross-Site Scripting via HTTP Referer Header
Title source: llm
Description
A cross-site scripting (XSS) vulnerability in the "CSRF validation failure" page of Fortinet FortiAuthenticator, in versions 4.0.0 to before 5.3.0, allows an attacker to execute unauthorized script code by injecting malicious scripts in the HTTP Referer header.
References (2)
Core References
Vendor Advisory x_refsource_confirm
https://fortiguard.com/advisory/FG-IR-18-059
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/104371
Scores
CVSS v3
6.1
EPSS
0.0027
EPSS Percentile
49.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (1)
fortinet/fortiauthenticator
4.0.0 - 5.3.0
Published
May 31, 2018
Tracked Since
Feb 18, 2026