What is CVE-2015-1880?

CVE-2015-1880 is a vulnerability in Fortinet Fortios, classified under Cross-site Scripting. Published 2015-05-12.

Is CVE-2015-1880 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

XSS in Fortinet Fortios

CVE-2015-1880

Cross-site scripting (XSS) vulnerability in the sslvpn login page in Fortinet FortiOS 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.556 (98.1th percentile) — read the EPSS interpretation.

Affected products

Fortinet Fortios — versions 5.2.0, 5.2.1, 5.2.2
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

Public proof-of-concept exploits

References

1032261 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
74652 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
1032265 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
1032264 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
1032262 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)

Frequently asked questions

What is CVE-2015-1880?: CVE-2015-1880 is a vulnerability in Fortinet Fortios, classified under Cross-site Scripting. Published 2015-05-12.
Is CVE-2015-1880 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.