CVE-2021-43062

CVE Database · CVE-2021-43062

CVE-2021-43062

· MEDIUMModified

CVSS v3.1

6.1

EPSS

12.94%

Published

Feb 2, 2022

Modified

Nov 21, 2024

Public PoC / Exploit (3)

All weaponized →

Exploit-DBFortinet Fortimail 7.0.1 - Reflected Cross-Site Scripting (XSS)NucleiNuclei detection template TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiMail version 7.0.1 and 7.0.0, version 6.4.5 and below, version 6.3.7 and below, version 6.0.11 and below allows attacker to execute unauthorized code or commands via crafted HTTP GET requests to the FortiGuard URI protection service.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Weaknesses (CWE)

CWE-79

Affected Products (3)

fortinet · fortimail (up to 6.2.8)vulnerable

fortinet · fortimail (up to 6.4.6)vulnerable

fortinet · fortimail (up to 7.0.2)vulnerable

References (4)

http://packetstormsecurity.com/files/166055/Fortinet-Fortimail-7.0.1-Cross-Site-Scripting.html

ExploitThird Party AdvisoryVDB Entry

https://fortiguard.com/advisory/FG-IR-21-185

Vendor Advisory

http://packetstormsecurity.com/files/166055/Fortinet-Fortimail-7.0.1-Cross-Site-Scripting.html

ExploitThird Party AdvisoryVDB Entry

https://fortiguard.com/advisory/FG-IR-21-185

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs