CVE-2017-7739

{"id": "CVE-2017-7739", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2017-11-13T14:29:00.947", "references": [{"url": "http://www.securityfocus.com/bid/101679", "tags": ["Third Party Advisory", "VDB Entry"], "source": "psirt@fortinet.com"}, {"url": "http://www.securitytracker.com/id/1039741", "tags": ["Third Party Advisory", "VDB Entry"], "source": "psirt@fortinet.com"}, {"url": "https://fortiguard.com/advisory/FG-IR-17-168", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "psirt@fortinet.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A reflected Cross-site Scripting (XSS) vulnerability in web proxy disclaimer response web pages in Fortinet FortiOS 5.6.0, 5.4.0 to 5.4.5, 5.2.0 to 5.2.11 allows an unauthenticated attacker to inject arbitrary web script or HTML in the context of the victim's browser via sending a maliciously crafted URL to the victim."}, {"lang": "es", "value": "Una vulnerabilidad de Cross-Site Scripting reflejado en las p\u00e1ginas web de respuesta a mensajes de proxies web en Fortinet FortiOS en versiones 5.6.0, 5.4.0 a la 5.4.5 y la 5.2.0 a la 5.2.11 permite que un atacante sin autenticar inyecte scripts web o HTML arbitrarios en el contexto del navegador de la v\u00edctima enviando una URL maliciosamente manipulada a la v\u00edctima."}], "lastModified": "2017-11-29T15:18:38.423", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fortinet:fortios:5.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E627C59-7C16-44F0-800D-A2E8A766B26D"}, {"criteria": "cpe:2.3:o:fortinet:fortios:5.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "233236FA-BB13-4261-BE2E-3E617406DC53"}, {"criteria": "cpe:2.3:o:fortinet:fortios:5.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27844CC9-498B-4A65-91AC-AC130222EE5F"}, {"criteria": "cpe:2.3:o:fortinet:fortios:5.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27B4C672-7ED5-4113-87AE-5774D1263C0B"}, {"criteria": "cpe:2.3:o:fortinet:fortios:5.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2CBEA3AA-AE46-4A55-91EE-9ADC187BF614"}, {"criteria": "cpe:2.3:o:fortinet:fortios:5.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05CB7A90-91BC-49AF-9B5C-EBD212484C64"}, {"criteria": "cpe:2.3:o:fortinet:fortios:5.2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "864D3221-177B-43CE-BD7D-CB14A110268E"}, {"criteria": "cpe:2.3:o:fortinet:fortios:5.2.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31C186D6-6AC5-49EB-A701-C91358B4A25F"}, {"criteria": "cpe:2.3:o:fortinet:fortios:5.2.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DAC9F6C4-F887-4F25-87BD-383F6CF39806"}, {"criteria": "cpe:2.3:o:fortinet:fortios:5.2.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8558962-7A19-4F4A-BED0-9CB5D4CFC422"}, {"criteria": "cpe:2.3:o:fortinet:fortios:5.2.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC63D521-EC88-4B13-BC73-3284F3FCF3A4"}, {"criteria": "cpe:2.3:o:fortinet:fortios:5.2.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB756AF8-F9D2-472E-867B-C04D11F62FA5"}, {"criteria": "cpe:2.3:o:fortinet:fortios:5.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1668AE14-D9A4-4B7D-BC3F-75885792875A"}, {"criteria": "cpe:2.3:o:fortinet:fortios:5.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E0F3B9B-A06F-4A96-B2E7-9DC56E629182"}, {"criteria": "cpe:2.3:o:fortinet:fortios:5.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50F8AE97-A647-4A37-8EF2-BC0BBCC8EADD"}, {"criteria": "cpe:2.3:o:fortinet:fortios:5.4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "377A2F0B-2A58-4C2C-B546-3178B353484B"}, {"criteria": "cpe:2.3:o:fortinet:fortios:5.4.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20EBDFD4-45A0-47CC-817E-48E84F945402"}, {"criteria": "cpe:2.3:o:fortinet:fortios:5.4.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C9CDB2B-E454-4B91-9A47-615F31F1A3D5"}, {"criteria": "cpe:2.3:o:fortinet:fortios:5.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A3BE3F8-9157-461C-8E3A-ABFA728B7DB2"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@fortinet.com"}