CVE-2021-43062

MEDIUM NUCLEI

Fortinet FortiMail <7.0.1 - XSS

Title source: llm

Description

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiMail version 7.0.1 and 7.0.0, version 6.4.5 and below, version 6.3.7 and below, version 6.0.11 and below allows an attacker to execute unauthorized code or commands via crafted HTTP GET requests to the FortiGuard URI protection service.

Exploits (1)

exploitdb WORKING POC
by Braiant Giraldo Villa · text · webapps · multiple
https://www.exploit-db.com/exploits/50759

Nuclei Templates (1)

Fortinet FortiMail 7.0.1 - Cross-Site Scripting
MEDIUM · by ajaysenr
Shodan: http.title:"fortimail"
FOFA: title="fortimail" || fortimail && port=443

Scores

CVSS v3 6.1
EPSS 0.5710
EPSS Percentile 98.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
fortinet/fortimail 6.2.0 - 6.2.8
Published Feb 02, 2022
Tracked Since Feb 18, 2026