CVE-2015-1451

LOW

Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.0 Patch 7 build 4457 allow remote authenticated users to inject arbitrary web script or HTML via the (1) WTP Name or (2) WTP Active Software Version field in a CAPWAP Join request.

Score CVSS v2.0

3.5

/ 10.0

LOW

AV:N/AC:M/Au:S/C:N/I:P/A:N

Informations

Publié: 2 févr. 2015
Mis à jour: 12 avr. 2025
Statut: Deferred
Source: cve@mitre.org

Produits affectés

fortinet fortiosToutes les CVE Fortinet FortiOS →

Versions : 5.0.7

Faiblesses (CWE)

CWE-79

Références (10)

http://seclists.org/fulldisclosure/2015/Jan/125
Exploit
http://secunia.com/advisories/61661
http://www.fortiguard.com/advisory/FG-IR-15-002/
Vendor Advisory
http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiOS_Multiple_Vulnerabilities.pdf
Exploit
http://www.securityfocus.com/bid/72383
http://seclists.org/fulldisclosure/2015/Jan/125
Exploit
http://secunia.com/advisories/61661
http://www.fortiguard.com/advisory/FG-IR-15-002/
Vendor Advisory
http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiOS_Multiple_Vulnerabilities.pdf
Exploit
http://www.securityfocus.com/bid/72383

CVEs similaires

Autres vulnérabilités de type CWE-79

Loading…

Surveillez vos produits

Recevez une alerte automatique à chaque nouvelle CVE affectant vos équipements.

Activer la surveillance