CVE-2017-7335

A Cross-Site Scripting (XSS) vulnerability in Fortinet FortiWLC 6.1-x (6.1-2, 6.1-4 and 6.1-5); 7.0-x (7.0-7, 7.0-8, 7.0-9, 7.0-10); and 8.x (8.0, 8.1, 8.2 and 8.3.0-8.3.2) allows an authenticated user to inject arbitrary web script or HTML via non-sanitized parameters "refresh" and "branchtotable" present in HTTP POST requests.

Published: Oct 26, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-7335
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
fortinet / fortiwlc	6.1-2	6.1-2.x
fortinet / fortiwlc	6.1-4	6.1-4.x
fortinet / fortiwlc	6.1-5	6.1-5.x
fortinet / fortiwlc	7.0-7	7.0-7.x
fortinet / fortiwlc	7.0-8	7.0-8.x
fortinet / fortiwlc	7.0-9	7.0-9.x
fortinet / fortiwlc	7.0-10	7.0-10.x
fortinet / fortiwlc	8.0	8.0.x
fortinet / fortiwlc	8.1	8.1.x
fortinet / fortiwlc	8.2	8.2.x
fortinet / fortiwlc	8.3.0	8.3.0.x
fortinet / fortiwlc	8.3.1	8.3.1.x
fortinet / fortiwlc	8.3.2	8.3.2.x

Vulnerability Database

289,784

CVE-2017-7335