cvelistv5 - cve-2014-8616

CVE-2014-8616 (GCVE-0-2014-8616)

Vulnerability from cvelistv5 – Published: 2015-05-12 19:00 – Updated: 2024-08-06 13:26

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securitytracker.com/id/1032261	vdb-entryx_refsource_SECTRACK
	http://www.fortiguard.com/advisory/FG-IR-15-005/	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1032265	vdb-entryx_refsource_SECTRACK
	http://www.securitytracker.com/id/1032264	vdb-entryx_refsource_SECTRACK
	http://www.securitytracker.com/id/1032262	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:26:01.097Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1032261",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032261"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.fortiguard.com/advisory/FG-IR-15-005/"
          },
          {
            "name": "1032265",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032265"
          },
          {
            "name": "1032264",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032264"
          },
          {
            "name": "1032262",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032262"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-02-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.2.x before 5.2.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) user group or (2) vpn template menus."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-30T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1032261",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032261"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.fortiguard.com/advisory/FG-IR-15-005/"
        },
        {
          "name": "1032265",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032265"
        },
        {
          "name": "1032264",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032264"
        },
        {
          "name": "1032262",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032262"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-8616",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.2.x before 5.2.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) user group or (2) vpn template menus."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1032261",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032261"
            },
            {
              "name": "http://www.fortiguard.com/advisory/FG-IR-15-005/",
              "refsource": "CONFIRM",
              "url": "http://www.fortiguard.com/advisory/FG-IR-15-005/"
            },
            {
              "name": "1032265",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032265"
            },
            {
              "name": "1032264",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032264"
            },
            {
              "name": "1032262",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032262"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-8616",
    "datePublished": "2015-05-12T19:00:00",
    "dateReserved": "2014-11-04T00:00:00",
    "dateUpdated": "2024-08-06T13:26:01.097Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fortinet:fortios:5.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7E627C59-7C16-44F0-800D-A2E8A766B26D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fortinet:fortios:5.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"233236FA-BB13-4261-BE2E-3E617406DC53\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fortinet:fortios:5.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"27844CC9-498B-4A65-91AC-AC130222EE5F\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.2.x before 5.2.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) user group or (2) vpn template menus.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples vulnerabilidades de XSS en Fortinet FortiOS 5.2.x anterior a 5.2.3 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios o HTML a trav\\u00e9s de vectores no especificados en men\\u00fas (1) de grupos de usuarios o (2) de plantillas vpn.\"}]",
      "id": "CVE-2014-8616",
      "lastModified": "2024-11-21T02:19:27.290",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2015-05-12T19:59:00.097",
      "references": "[{\"url\": \"http://www.fortiguard.com/advisory/FG-IR-15-005/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1032261\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id/1032262\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id/1032264\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id/1032265\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.fortiguard.com/advisory/FG-IR-15-005/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1032261\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1032262\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1032264\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1032265\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-8616\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2015-05-12T19:59:00.097\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.2.x before 5.2.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) user group or (2) vpn template menus.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades de XSS en Fortinet FortiOS 5.2.x anterior a 5.2.3 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios o HTML a trav\u00e9s de vectores no especificados en men\u00fas (1) de grupos de usuarios o (2) de plantillas vpn.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortios:5.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E627C59-7C16-44F0-800D-A2E8A766B26D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortios:5.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"233236FA-BB13-4261-BE2E-3E617406DC53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortios:5.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27844CC9-498B-4A65-91AC-AC130222EE5F\"}]}]}],\"references\":[{\"url\":\"http://www.fortiguard.com/advisory/FG-IR-15-005/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1032261\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id/1032262\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id/1032264\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id/1032265\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.fortiguard.com/advisory/FG-IR-15-005/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1032261\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1032262\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1032264\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1032265\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GSD-2014-8616

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2014-8616

Aliases

CVE-2014-8616

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-8616",
    "description": "Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.2.x before 5.2.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) user group or (2) vpn template menus.",
    "id": "GSD-2014-8616"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-8616"
      ],
      "details": "Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.2.x before 5.2.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) user group or (2) vpn template menus.",
      "id": "GSD-2014-8616",
      "modified": "2023-12-13T01:22:49.026661Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2014-8616",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.2.x before 5.2.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) user group or (2) vpn template menus."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1032261",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1032261"
          },
          {
            "name": "http://www.fortiguard.com/advisory/FG-IR-15-005/",
            "refsource": "CONFIRM",
            "url": "http://www.fortiguard.com/advisory/FG-IR-15-005/"
          },
          {
            "name": "1032265",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1032265"
          },
          {
            "name": "1032264",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1032264"
          },
          {
            "name": "1032262",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1032262"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:5.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:5.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:5.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-8616"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.2.x before 5.2.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) user group or (2) vpn template menus."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.fortiguard.com/advisory/FG-IR-15-005/",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.fortiguard.com/advisory/FG-IR-15-005/"
            },
            {
              "name": "1032265",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1032265"
            },
            {
              "name": "1032264",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1032264"
            },
            {
              "name": "1032262",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1032262"
            },
            {
              "name": "1032261",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1032261"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-01-03T02:59Z",
      "publishedDate": "2015-05-12T19:59Z"
    }
  }
}

FKIE_CVE-2014-8616

Vulnerability from fkie_nvd - Published: 2015-05-12 19:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://www.fortiguard.com/advisory/FG-IR-15-005/	Vendor Advisory
cve@mitre.org	http://www.securitytracker.com/id/1032261
cve@mitre.org	http://www.securitytracker.com/id/1032262
cve@mitre.org	http://www.securitytracker.com/id/1032264
cve@mitre.org	http://www.securitytracker.com/id/1032265
af854a3a-2127-422b-91ae-364da2661108	http://www.fortiguard.com/advisory/FG-IR-15-005/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032261
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032262
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032264
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032265

Impacted products

Vendor	Product	Version
fortinet	fortios	5.2.0
fortinet	fortios	5.2.1
fortinet	fortios	5.2.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fortinet:fortios:5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E627C59-7C16-44F0-800D-A2E8A766B26D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortios:5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "233236FA-BB13-4261-BE2E-3E617406DC53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fortinet:fortios:5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "27844CC9-498B-4A65-91AC-AC130222EE5F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.2.x before 5.2.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) user group or (2) vpn template menus."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de XSS en Fortinet FortiOS 5.2.x anterior a 5.2.3 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios o HTML a trav\u00e9s de vectores no especificados en men\u00fas (1) de grupos de usuarios o (2) de plantillas vpn."
    }
  ],
  "id": "CVE-2014-8616",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-05-12T19:59:00.097",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.fortiguard.com/advisory/FG-IR-15-005/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1032261"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1032262"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1032264"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1032265"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.fortiguard.com/advisory/FG-IR-15-005/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1032261"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1032262"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1032264"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1032265"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-201505-0126

Vulnerability from variot - Updated: 2023-12-18 12:20

Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.2.x before 5.2.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) user group or (2) vpn template menus. Fortinet FortiOS is prone to multiple cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Fortinet FortiOS is a set of security operating systems developed by Fortinet Corporation for the FortiGate network security platform. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSL VPN, Web content filtering and anti-spam

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201505-0126",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.2.2"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.2.0"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.2.3"
      },
      {
        "model": "fortios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.2.x"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.9"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.7"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.3"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.2"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.1"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.7.7"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.17"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.15"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.10"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.8"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.80"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.50"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.36"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.6"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.5"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.4"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.0"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.18"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.16"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.14"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.13"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.12"
      },
      {
        "model": "fortios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.3"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "72562"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008045"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8616"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-094"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:5.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:5.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:5.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-8616"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Jared Haight, William Costa and Benjamin Kunz Mejri",
    "sources": [
      {
        "db": "BID",
        "id": "72562"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-8616",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2014-8616",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-76561",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-8616",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201505-094",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-76561",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-76561"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008045"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8616"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-094"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.2.x before 5.2.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) user group or (2) vpn template menus. Fortinet FortiOS is prone to multiple cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Fortinet FortiOS is a set of security operating systems developed by Fortinet Corporation for the FortiGate network security platform. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSL VPN, Web content filtering and anti-spam",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-8616"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008045"
      },
      {
        "db": "BID",
        "id": "72562"
      },
      {
        "db": "VULHUB",
        "id": "VHN-76561"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-8616",
        "trust": 2.8
      },
      {
        "db": "SECTRACK",
        "id": "1032262",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1032261",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1032264",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1032265",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008045",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-094",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "72562",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-76561",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-76561"
      },
      {
        "db": "BID",
        "id": "72562"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008045"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8616"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-094"
      }
    ]
  },
  "id": "VAR-201505-0126",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-76561"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:20:53.695000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Multiple products cross-site scripting vulnerabilities",
        "trust": 0.8,
        "url": "http://www.fortiguard.com/advisory/fg-ir-15-005/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008045"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-76561"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008045"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8616"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://www.fortiguard.com/advisory/fg-ir-15-005/"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1032261"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1032262"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1032264"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1032265"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8616"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8616"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortinet.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-76561"
      },
      {
        "db": "BID",
        "id": "72562"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008045"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8616"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-094"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-76561"
      },
      {
        "db": "BID",
        "id": "72562"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008045"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8616"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-094"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-05-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-76561"
      },
      {
        "date": "2015-02-25T00:00:00",
        "db": "BID",
        "id": "72562"
      },
      {
        "date": "2015-05-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-008045"
      },
      {
        "date": "2015-05-12T19:59:00.097000",
        "db": "NVD",
        "id": "CVE-2014-8616"
      },
      {
        "date": "2015-05-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201505-094"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-01-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-76561"
      },
      {
        "date": "2015-02-25T00:00:00",
        "db": "BID",
        "id": "72562"
      },
      {
        "date": "2015-05-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-008045"
      },
      {
        "date": "2017-01-03T02:59:20.347000",
        "db": "NVD",
        "id": "CVE-2014-8616"
      },
      {
        "date": "2015-05-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201505-094"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-094"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fortinet FortiOS Vulnerable to cross-site scripting",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008045"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-094"
      }
    ],
    "trust": 0.6
  }
}

GHSA-PH8H-6P6X-772P

Vulnerability from github – Published: 2022-05-17 03:11 – Updated: 2025-04-12 12:47

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-8616"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-05-12T19:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.2.x before 5.2.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) user group or (2) vpn template menus.",
  "id": "GHSA-ph8h-6p6x-772p",
  "modified": "2025-04-12T12:47:39Z",
  "published": "2022-05-17T03:11:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8616"
    },
    {
      "type": "WEB",
      "url": "http://www.fortiguard.com/advisory/FG-IR-15-005"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032261"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032262"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032264"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032265"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CNVD-2015-02988

Vulnerability from cnvd - Published: 2015-05-13

Title

Fortinet FortiADC用户组菜单跨站脚本漏洞

Description

Fortinet FortiADC是一款负载均衡服务解决方案。 Fortinet FortiADC 用户组菜单处理存在跨站脚本漏洞，允许远程攻击者利用漏洞注入恶意脚本或HTML代码，当恶意数据被查看时，可获取敏感信息或劫持用户会话。

Severity

中

Patch Name

Fortinet FortiADC用户组菜单跨站脚本漏洞的补丁

Patch Description

Fortinet FortiADC是一款负载均衡服务解决方案。Fortinet FortiADC 用户组菜单处理存在跨站脚本漏洞，允许远程攻击者利用漏洞注入恶意脚本或HTML代码，当恶意数据被查看时，可获取敏感信息或劫持用户会话。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

Fortinet FortiADC 5.2.3已经修复该漏洞，建议用户下载更新： http://www.fortiguard.com/advisory/FG-IR-15-005/

Reference

http://www.fortiguard.com/advisory/FG-IR-15-005/

Impacted products

Name
Fortinet FortiADC

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2014-8616"
    }
  },
  "description": "Fortinet FortiADC\u662f\u4e00\u6b3e\u8d1f\u8f7d\u5747\u8861\u670d\u52a1\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nFortinet FortiADC \u7528\u6237\u7ec4\u83dc\u5355\u5904\u7406\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u6ce8\u5165\u6076\u610f\u811a\u672c\u6216HTML\u4ee3\u7801\uff0c\u5f53\u6076\u610f\u6570\u636e\u88ab\u67e5\u770b\u65f6\uff0c\u53ef\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u6216\u52ab\u6301\u7528\u6237\u4f1a\u8bdd\u3002",
  "discovererName": "Fortinet",
  "formalWay": "Fortinet FortiADC 5.2.3\u5df2\u7ecf\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u66f4\u65b0\uff1a\r\nhttp://www.fortiguard.com/advisory/FG-IR-15-005/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-02988",
  "openTime": "2015-05-13",
  "patchDescription": "Fortinet FortiADC\u662f\u4e00\u6b3e\u8d1f\u8f7d\u5747\u8861\u670d\u52a1\u89e3\u51b3\u65b9\u6848\u3002Fortinet FortiADC \u7528\u6237\u7ec4\u83dc\u5355\u5904\u7406\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u6ce8\u5165\u6076\u610f\u811a\u672c\u6216HTML\u4ee3\u7801\uff0c\u5f53\u6076\u610f\u6570\u636e\u88ab\u67e5\u770b\u65f6\uff0c\u53ef\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u6216\u52ab\u6301\u7528\u6237\u4f1a\u8bdd\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Fortinet FortiADC\u7528\u6237\u7ec4\u83dc\u5355\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Fortinet FortiADC"
  },
  "referenceLink": "http://www.fortiguard.com/advisory/FG-IR-15-005/",
  "serverity": "\u4e2d",
  "submitTime": "2015-05-07",
  "title": "Fortinet FortiADC\u7528\u6237\u7ec4\u83dc\u5355\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2014-8616 (GCVE-0-2014-8616)

GSD-2014-8616

FKIE_CVE-2014-8616

VAR-201505-0126

GHSA-PH8H-6P6X-772P

CNVD-2015-02988

Tags

Sightings

Nomenclature