Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveFortinetCVE-2018-13380
HistoryJun 04, 2019 - 9:29 p.m.

CVE-2018-13380

2019-06-0421:29:00
CWE-79
fortinet
web.nvd.nist.gov
226
cve-2018-13380
cross-site scripting
xss
fortinet
fortios
fortiproxy
ssl vpn
web portal
security vulnerability
nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

46.8%

JSON

A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below and Fortinet FortiProxy 2.0.0, 1.2.8 and below under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters.

Affected configurations

Nvd
Node
fortinetfortiosRange5.2
OR
fortinetfortiosRange5.4.05.4.12
OR
fortinetfortiosRange5.6.05.6.7
OR
fortinetfortiosRange6.0.06.0.4
Node
fortinetfortiproxyRange1.2.8
OR
fortinetfortiproxyMatch2.0.0
VendorProductVersionCPE
fortinetfortios*cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
fortinetfortiproxy*cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
fortinetfortiproxy2.0.0cpe:2.3:a:fortinet:fortiproxy:2.0.0:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Fortinet FortiOS and FortiProxy",
    "vendor": "Fortinet",
    "versions": [
      {
        "status": "affected",
        "version": "FortiGate 6.0.0 through 6.0.4, 5.6.0 through 5.6.7, 5.4.0 through 5.4.12, 5.2 and earlier and FortiProxy versions 2.0.0, 1.2.8 and earlier"
      }
    ]
  }
]

Related

prion 1
fortinet 2
nessus 2
cvelist 1
checkpoint_advisories 1
nuclei 1
nvd 1
prion
prion
Cross site scripting
2019-06-04 21:29:00
fortinet
fortinet
Protect
2019-11-26 00:00:00
FortiProxy multiple pre-auth XSS vulnerabilities on SSL VPN
2021-03-02 00:00:00
nessus
nessus
Fortinet FortiOS (Mac OS X) 5.6.0 < 5.6.8 / 6.0.x < 6.0.5 multiple pre-auth XSS vulnerabilities on SSL VPN (FG-IR-18-383) (deprecated)
2019-08-28 00:00:00
Fortinet FortiOS 5.6.0 < 5.6.8 / 6.0.x < 6.0.5 multiple pre-auth XSS vulnerabilities on SSL VPN (FG-IR-18-383)
2019-08-28 00:00:00
cvelist
cvelist
CVE-2018-13380
2019-06-04 20:12:06
checkpoint_advisories
checkpoint_advisories
Fortinet FortiOS Cross Site Scripting (CVE-2018-13380)
2022-08-21 00:00:00
nuclei
nuclei
Fortinet FortiOS - Cross-Site Scripting
2020-11-24 14:30:18
nvd
nvd
CVE-2018-13380
2019-06-04 21:29:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

46.8%

JSON
Related for CVE-2018-13380
prion1fortinet2nessus2cvelist1checkpoint_advisories1nuclei1nvd1