id: CVE-2021-43062 info: name: Fortinet FortiMail 7.0.1 - Cross-Site Scripting author: ajaysenr severity: medium description: A cross-site scripting vulnerability in FortiMail may allow an unauthenticated attacker to perform an attack via specially crafted HTTP GET requests to the FortiGuard URI protection service. impact: | Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the targeted user's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patch or upgrade to a non-vulnerable version of Fortinet FortiMail. reference: - https://nvd.nist.gov/vuln/detail/CVE-2021-43062 - https://www.fortiguard.com/psirt/FG-IR-21-185 - https://www.exploit-db.com/exploits/50759 - https://fortiguard.com/advisory/FG-IR-21-185 - https://github.com/ARPSyndicate/cvemon classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-43062 cwe-id: CWE-79 epss-score: 0.00709 epss-percentile: 0.79992 cpe: cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: fortinet product: fortimail tags: cve,cve2021,fortimail,xss,fortinet,edb http: - method: GET path: - "{{BaseURL}}/fmlurlsvc/?=&url=https%3A%2F%2Fgoogle.com" matchers-condition: and matchers: - type: word part: body words: - "" - "FortiMail Click Protection" condition: and - type: word part: header words: - "text/html" - type: status status: - 200 # digest: 490a00463044022035f3b272f2f2eb3ffd2265b03fc34944ba5ea2298fe4943fccb382b77dcbfb5402206fae9c44d872dbd06fb5992248d7d731d43168f9ce8c47f3ede8c51ca7b34c5c:922c64590222798bb761d5b6d8e72950