Fortimail 5.2.1 Cross Site Scripting

2015-03-03 / 2015-04-12
Credit: William Costa
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

I. VULNERABILITY ------------------------- XSS Reflected vulnerabilities in Fortimail version 5.2.1 II. BACKGROUND ------------------------- Fortinet?s industry-leading, Network Security Platforms deliver Next Generation Firewall (NGFW) security with exceptional throughput, ultra low latency, and multi-vector threat protection. III. DESCRIPTION ------------------------- Has been detected two XSS Reflected vulnerability in FortiMail in " /module/releasecontrol?release=" parameter ?release? that allows the execution of arbitrary HTML/script code to be executed in the context of the victim user's browser. IV. PROOF OF CONCEPT ------------------------- The application does not validate the parameter ?release? in ?/module/releasecontrol?release=? https://10.0.0.38/module/releasecontrol?release=1:aaa:aaaaaaa<script>a lert(document.cookie)</script> V. BUSINESS IMPACT ------------------------- Vulnerability allows the execution of arbitrary HTML/script code to be executed in the context of the victim user's browser. VI. REQUIREMENTS ----------------------- An Attacker needs to know the IP of the device. An Administrator needs an authenticated connection to the device. VII. SYSTEMS AFFECTED ------------------------- Try FortiMail version 5.2.1 VM VIII. SOLUTION ------------------------- Upgrade version 5.2.3 http://www.fortiguard.com/advisory/FG-IR-15-005/

References:

http://www.fortiguard.com/advisory/FG-IR-15-005/


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top