CVE-2018-13380

A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below and Fortinet FortiProxy 2.0.0, 1.2.8 and below under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters.

Published: Jun 4, 2019
Updated: Apr 13, 2023
CVE: CVE-2018-13380
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
fortinet / fortios	6.0.0	6.0.4.x
fortinet / fortios	5.6.0	5.6.7.x
fortinet / fortios	5.4.0	5.4.12.x
fortinet / fortios	-	5.2.x
fortinet / fortiproxy	2.0.0	2.0.0.x
fortinet / fortiproxy	-	1.2.8.x

https://fortiguard.com/advisory/FG-IR-18-383
https://fortiguard.com/advisory/FG-IR-20-230

Vulnerability Database

289,784

CVE-2018-13380