CVE-2017-7735

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2.0 through 5.2.11 and 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via the "Groups" input while creating or editing User Groups.

Published: Sep 12, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-7735
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
fortinet / fortios	5.2.7	5.2.7.x
fortinet / fortios	5.4.3	5.4.3.x
fortinet / fortios	5.2.9	5.2.9.x
fortinet / fortios	5.2.1	5.2.1.x
fortinet / fortios	5.2.10	5.2.10.x
fortinet / fortios	5.2.6	5.2.6.x
fortinet / fortios	5.4.0	5.4.0.x
fortinet / fortios	5.2.4	5.2.4.x
fortinet / fortios	5.4.1	5.4.1.x
fortinet / fortios	5.2.3	5.2.3.x
fortinet / fortios	5.2.5	5.2.5.x
fortinet / fortios	5.2.11	5.2.11.x
fortinet / fortios	5.4.2	5.4.2.x
fortinet / fortios	5.2.0	5.2.0.x
fortinet / fortios	5.2.2	5.2.2.x
fortinet / fortios	5.4.4	5.4.4.x
fortinet / fortios	5.2.8	5.2.8.x

Vulnerability Database

290,020

CVE-2017-7735