CVE-2014-8616

EUVD-2014-8453
Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.2.x before 5.2.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) user group or (2) vpn template menus.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 54%
Affected Products (NVD)
VendorProductVersion
fortinetfortios
5.2.0
fortinetfortios
5.2.1
fortinetfortios
5.2.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.fortiguard.com/advisory/FG-IR-15-005/
http://www.securitytracker.com/id/1032261
http://www.securitytracker.com/id/1032262
http://www.securitytracker.com/id/1032264
http://www.securitytracker.com/id/1032265
http://www.fortiguard.com/advisory/FG-IR-15-005/
http://www.securitytracker.com/id/1032261
http://www.securitytracker.com/id/1032262
http://www.securitytracker.com/id/1032264
http://www.securitytracker.com/id/1032265