EIP-2026-101280

PRE-CVE

Fortigate Firewall 2.x - Policy Admin Interface Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101280. PoCs published by Maarten Hartsuijker.

AI-analyzed exploit summary This is a technical writeup describing a cross-site scripting (XSS) vulnerability in the FortiGate Firewall web administrative interface. The vulnerability allows an attacker to inject malicious script code via URI parameters, potentially leading to theft of authentication credentials.

Description

Fortigate Firewall 2.x - Policy Admin Interface Cross-Site Scripting

Exploits (1)

exploitdb WRITEUP VERIFIED

by Maarten Hartsuijker · textremotehardware

https://www.exploit-db.com/exploits/23377

View Code ZIP pw:eip

This is a technical writeup describing a cross-site scripting (XSS) vulnerability in the FortiGate Firewall web administrative interface. The vulnerability allows an attacker to inject malicious script code via URI parameters, potentially leading to theft of authentication credentials.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: FortiGate Firewall (version not specified)

No auth needed

Prerequisites: An administrative user must be enticed to follow a malicious link

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026