var-201705-3939
Vulnerability from variot
A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the 'Name' and 'Description' inputs in the 'Add Revision Backup' functionality. Fortinet FortiPortal Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. FortiPortal is prone to the following multiple security vulnerabilities. An attacker can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, bypass security restriction and perform unauthorized actions, redirect users to an attacker-controlled site or obtain sensitive information. Versions prior to FortiPortal 4.0.1 are vulnerable. Fortinet FortiPortal is a product developed by Fortinet to help Managed Security Service Provider (MSSP) operate cloud-based security management and log retention services
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201705-3939", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fortiportal", "scope": "lte", "trust": 1.8, "vendor": "fortinet", "version": "4.0.0" }, { "model": "fortiportal", "scope": "eq", "trust": 0.6, "vendor": "fortinet", "version": "4.0.0" }, { "model": "fortiportal", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "4.0" }, { "model": "fortiportal", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "4.0.1" } ], "sources": [ { "db": "BID", "id": "98484" }, { "db": "JVNDB", "id": "JVNDB-2017-004226" }, { "db": "CNNVD", "id": "CNNVD-201703-1375" }, { "db": "NVD", "id": "CVE-2017-7339" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:fortinet:fortiportal", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-004226" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "David Tredger, Senior Security Consultant, Aura Information Security", "sources": [ { "db": "BID", "id": "98484" } ], "trust": 0.3 }, "cve": "CVE-2017-7339", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2017-7339", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "VHN-115542", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.8, "id": "CVE-2017-7339", "impactScore": 2.7, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.8, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2017-7339", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2017-7339", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201703-1375", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-115542", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-115542" }, { "db": "JVNDB", "id": "JVNDB-2017-004226" }, { "db": "CNNVD", "id": "CNNVD-201703-1375" }, { "db": "NVD", "id": "CVE-2017-7339" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the \u0027Name\u0027 and \u0027Description\u0027 inputs in the \u0027Add Revision Backup\u0027 functionality. Fortinet FortiPortal Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. FortiPortal is prone to the following multiple security vulnerabilities. \nAn attacker can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, bypass security restriction and perform unauthorized actions, redirect users to an attacker-controlled site or obtain sensitive information. \nVersions prior to FortiPortal 4.0.1 are vulnerable. Fortinet FortiPortal is a product developed by Fortinet to help Managed Security Service Provider (MSSP) operate cloud-based security management and log retention services", "sources": [ { "db": "NVD", "id": "CVE-2017-7339" }, { "db": "JVNDB", "id": "JVNDB-2017-004226" }, { "db": "BID", "id": "98484" }, { "db": "VULHUB", "id": "VHN-115542" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-7339", "trust": 2.8 }, { "db": "JVNDB", "id": "JVNDB-2017-004226", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201703-1375", "trust": 0.7 }, { "db": "BID", "id": "98484", "trust": 0.3 }, { "db": "VULHUB", "id": "VHN-115542", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-115542" }, { "db": "BID", "id": "98484" }, { "db": "JVNDB", "id": "JVNDB-2017-004226" }, { "db": "CNNVD", "id": "CNNVD-201703-1375" }, { "db": "NVD", "id": "CVE-2017-7339" } ] }, "id": "VAR-201705-3939", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-115542" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T21:52:23.386000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FortiPortal Multiple Vulnerabilities", "trust": 0.8, "url": "https://fortiguard.com/psirt/FG-IR-17-114" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-004226" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-115542" }, { "db": "JVNDB", "id": "JVNDB-2017-004226" }, { "db": "NVD", "id": "CVE-2017-7339" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "https://fortiguard.com/psirt/fg-ir-17-114" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7339" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7339" }, { "trust": 0.3, "url": "http://www.fortinet.com/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-115542" }, { "db": "BID", "id": "98484" }, { "db": "JVNDB", "id": "JVNDB-2017-004226" }, { "db": "CNNVD", "id": "CNNVD-201703-1375" }, { "db": "NVD", "id": "CVE-2017-7339" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-115542" }, { "db": "BID", "id": "98484" }, { "db": "JVNDB", "id": "JVNDB-2017-004226" }, { "db": "CNNVD", "id": "CNNVD-201703-1375" }, { "db": "NVD", "id": "CVE-2017-7339" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-05-27T00:00:00", "db": "VULHUB", "id": "VHN-115542" }, { "date": "2017-05-15T00:00:00", "db": "BID", "id": "98484" }, { "date": "2017-06-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-004226" }, { "date": "2017-03-31T00:00:00", "db": "CNNVD", "id": "CNNVD-201703-1375" }, { "date": "2017-05-27T00:29:01.190000", "db": "NVD", "id": "CVE-2017-7339" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-05-31T00:00:00", "db": "VULHUB", "id": "VHN-115542" }, { "date": "2017-05-15T00:00:00", "db": "BID", "id": "98484" }, { "date": "2017-06-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-004226" }, { "date": "2017-05-27T00:00:00", "db": "CNNVD", "id": "CNNVD-201703-1375" }, { "date": "2024-11-21T03:31:39.100000", "db": "NVD", "id": "CVE-2017-7339" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201703-1375" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Fortinet FortiPortal Vulnerable to cross-site scripting", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-004226" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "XSS", "sources": [ { "db": "CNNVD", "id": "CNNVD-201703-1375" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.