Vulnerability Details : CVE-2012-0941
Potential exploit
Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiGate UTM WAF appliances with FortiOS 4.3.x before 4.3.6 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) Endpoint Monitor, (2) Dialup List, or (3) Log&Report Display modules, or the fields_sorted_opt parameter to (4) user/auth/list or (5) endpointcompliance/app_detect/predefined_sig_list.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2012-0941
- cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-0941
- EPSS score: 0.86% (probability of exploitation activity in the next 30 days)
- Percentile: ~73% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2012-0941
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | |
6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 | NIST | |
CWE ids for CVE-2012-0941
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-0941
- https://fortiguard.com/psirt/FG-IR-012-001
  Potential Information Disclosure Vulnerability in FortiGate | FortiGuard (Vendor Advisory)
- http://www.securityfocus.com/bid/51708
  Fortigate UTM WAF Appliances Cross Site Scripting and HTML Injection Vulnerabilities (Third Party Advisory; VDB Entry)
- https://securitytracker.com/id/1026594
  FortiGate UTM WAF Appliance Permits Scripting Injection Attacks - SecurityTracker (Third Party Advisory; VDB Entry)
- http://packetstormsecurity.org/files/109168/VL-144.txt
  Fortigate UTM WAF Appliance Cross Site Scripting ≈ Packet Storm (Exploit; Third Party Advisory; VDB Entry)
- https://www.vulnerability-lab.com/get_content.php?id=144
  (Exploit; Third Party Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72761
  FortiGate UTM WAF Appliances fields_sorted_opt parameter cross-site scripting CVE-2012-0941 Vulnerability Report (VDB Entry)