CVE-2017-7736

Published: Nov 22, 2017Modified: May 13, 2026

5.4

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

A stored Cross-site Scripting (XSS) vulnerability in Fortinet FortiWeb webUI Certificate View page in 5.8.0, 5.7.1 and earlier, allows attackers to inject arbitrary web script or HTML via special crafted malicious certificate import.

Affected (2)

Products: Fortinet: Fortiweb

Fortinet

1 product

Fortiweb

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortiweb	Up to 5.7.1
Fortinet Fortiweb	Version 5.8.0

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

http://www.securityfocus.com/bid/101916

Source: psirt@fortinet.com

Third Party AdvisoryVDB Entry

https://fortiguard.com/advisory/FG-IR-17-131

Source: psirt@fortinet.com

Issue TrackingVendor Advisory

http://www.securityfocus.com/bid/101916

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://fortiguard.com/advisory/FG-IR-17-131

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.