漏洞描述
Fortinet FortiOS是美国飞塔(Fortinet)公司开发的一套专用于FortiGate网络安全平台上的安全操作系统。该系统为用户提供防火墙、防病毒、IPSec/SSL VPN、Web内容过滤和反垃圾邮件等多种安全功能。 Fortinet FortiOS 5.2.3之前5.2.x版本的sslvpn登录页面存在跨站脚本漏洞。远程攻击者可利用该漏洞注入任意Web脚本或HTML。
Fortinet FortiOS sslvpn登录页面跨站脚本漏洞
PoC代码
暂无相关漏洞推荐
- Fortinet FortiOS等 签名验证不当漏洞
- Fortinet FortiWeb /api/v2.0/cmdb/system/admin%3f/../../../../../cgi-bin/fwbcgi 权限绕过漏洞(CVE-2025-64446/CVE-2025-58034)
- Fortinet FortiWeb 需授权 命令注入漏洞
- Fortinet FortiWeb /api/v2.0/cmdb/system/admin%3f/../../../../../cgi-bin/fwbcgi 权限绕过漏洞(CVE-2025-64446)
- POC Fortinet FortiWeb 未授权身份验证绕过漏洞(CVE-2025-64446)
- POC CVE-2022-42475: Fortinet SSL-VPN - Heap-Based Buffer Overflow
- POC CVE-2015-1880: Fortinet FortiOS <=5.2.3 - Cross-Site Scripting
- POC CVE-2016-3978: Fortinet FortiOS - Open Redirect/Cross-Site Scripting
- POC CVE-2017-14186: FortiGate FortiOS SSL VPN Web Portal - Cross-Site Scripting
- POC CVE-2017-3131: FortiOS 5.4.0 to 5.6.0 - Cross-Site Scripting
- POC CVE-2017-3132: Fortinet FortiOS < 5.6.0 - Cross-Site Scripting
- POC CVE-2017-3133: Fortinet FortiOS < 5.6.0 - Cross-Site Scripting
- POC CVE-2018-13379: Fortinet FortiOS - Credentials Disclosure