Vulnerability Database

308,485

Total vulnerabilities in the database

CVE-2018-13380

A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below and Fortinet FortiProxy 2.0.0, 1.2.8 and below under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters.

  • Published: Jun 4, 2019
  • Updated: Nov 9, 2025
  • CVE: CVE-2018-13380
  • Severity: Low
  • Exploit:

CVSS v3:

  • Severity: Low
  • Score: 4.7
  • AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

CVSS v2:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
fortinet / fortios 6.0.0 6.0.4.x
fortinet / fortios 5.6.0 5.6.7.x
fortinet / fortios 5.4.0 5.4.12.x
fortinet / fortios - 5.2.x
fortinet / fortiproxy 2.0.0 2.0.0.x
fortinet / fortiproxy - 1.2.8.x