XSS in Fortinet Fortiauthenticator

CVE-2015-1459

Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the operation parameter to cert/scep/.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.004 (62.4th percentile) — read the EPSS interpretation.

Affected products

Fortinet Fortiauthenticator — versions 3.0.0
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

fortinetfortiauthenticator-scep-xss(100561) (vdb-entry, x_refsource_XF)
62836 (x_refsource_SECUNIA, third-party-advisory)
cve@mitre.org (Exploit, x_refsource_MISC)
72378 (Exploit, vdb-entry, x_refsource_BID)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
cve@mitre.org (Exploit, x_refsource_MISC)