CVE-2017-3125

An unauthenticated XSS vulnerability with FortiMail 5.0.0 - 5.2.9 and 5.3.0 - 5.3.8 could allow an attacker to execute arbitrary scripts in the security context of the browser of a victim logged in FortiMail, assuming the victim is social engineered into clicking an URL crafted by the attacker.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
fortinetfortimail
5.0
fortinetfortimail
5.0.5
fortinetfortimail
5.0.6
fortinetfortimail
5.0.7
fortinetfortimail
5.0.8
fortinetfortimail
5.0.9
fortinetfortimail
5.0.10
fortinetfortimail
5.1
fortinetfortimail
5.1.2
fortinetfortimail
5.1.3
fortinetfortimail
5.1.5
fortinetfortimail
5.1.6
fortinetfortimail
5.2
fortinetfortimail
5.2.1
fortinetfortimail
5.2.2
fortinetfortimail
5.2.3
fortinetfortimail
5.2.4
fortinetfortimail
5.2.5
fortinetfortimail
5.2.6
fortinetfortimail
5.2.7
fortinetfortimail
5.2.8
fortinetfortimail
5.2.9
fortinetfortimail
5.3
fortinetfortimail
5.3.1
fortinetfortimail
5.3.2
fortinetfortimail
5.3.3
fortinetfortimail
5.3.4
fortinetfortimail
5.3.5
fortinetfortimail
5.3.6
fortinetfortimail
5.3.7
fortinetfortimail
5.3.8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://fortiguard.com/psirt/FG-IR-17-011
http://www.securityfocus.com/bid/97474
http://fortiguard.com/psirt/FG-IR-17-011
http://www.securityfocus.com/bid/97474