CVE-2014-8619

Published May 12, 2015

Last updated 8 years ago

CVSS info 4.3

Overview

Description: Cross-site scripting (XSS) vulnerability in the autolearn configuration page in Fortinet FortiWeb 5.1.2 through 5.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:fortinet:fortiweb:5.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "27510CCE-4752-4BBD-B7C7-64D12910FB05"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiweb:5.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7B906352-DFE6-47AB-966E-EA8F1DC848E9"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiweb:5.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B4C7D0C5-A0B3-4DE4-95A6-27DFB50665AB"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiweb:5.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8F2D4C62-7BE0-49D6-8F40-810B5E9E5026"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiweb:5.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12E20C4E-FB26-4D91-BFB5-5EB72D6FDB58"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiweb:5.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3D3C6193-C0FB-4869-9A4A-8882DDD16D69"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiweb:5.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ED3781FD-6B18-4A9C-88CB-E65B983B1BF3"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiweb:5.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6A552E67-9977-4CBE-8CF7-4B6C5E4C2074"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiweb:5.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "23FE6424-8908-4011-AFD6-C797145B7C6A"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiweb:5.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1CC737D3-0A6B-4A66-A812-2734ABBABD82"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiweb:5.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "39C4EC40-5646-4C34-8EC3-CED8CDD4CFF3"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiweb:5.3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F0188FEF-A625-4644-ACFC-E2D750E69EF0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiweb:5.3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12B73C90-D608-4A9F-8985-FA6576B5F7A7"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References