Fortimail 5.2.1 Cross Site Scripting
Posted Mar 2, 2015
Authored by William Costa

Fortimail version 5.2.1 suffers from reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 4a9ca90086f920fbde41283b2de6cf6ada62459dae9b0d0f5aea2a02e800c26e

I. VULNERABILITY
-------------------------
Reflected XSS vulnerabilities in FortiMail version 5.2.1

II. BACKGROUND
-------------------------
Fortinet’s industry-leading, Network Security Platforms deliver Next
Generation Firewall (NGFW) security with exceptional throughput, ultra
low latency, and multi-vector threat protection.

III. DESCRIPTION
-------------------------
Two reflected XSS vulnerabilities have been detected in FortiMail, in
the "release" parameter of "/module/releasecontrol?release=". They allow
arbitrary HTML/script code to be executed in the context of the victim
user's browser.

IV. PROOF OF CONCEPT
-------------------------
The application does not validate the "release" parameter in
"/module/releasecontrol?release=":
https://10.0.0.38/module/releasecontrol?release=1:aaa:aaaaaaa<script>alert(document.cookie)</script>

V. BUSINESS IMPACT
-------------------------
The vulnerability allows arbitrary HTML/script code to be executed in
the context of the victim user's browser.

VI. REQUIREMENTS
-----------------------
An attacker needs to know the IP address of the device.
An administrator needs an authenticated connection to the device.

VII. SYSTEMS AFFECTED
-------------------------
Try FortiMail version 5.2.1 VM

VIII. SOLUTION
-------------------------
Upgrade to version 5.2.3
http://www.fortiguard.com/advisory/FG-IR-15-005/
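
An added example, not part of the original advisory: a log check that flags requests to /module/releasecontrol whose "release" parameter contains HTML markup characters once percent-decoding is undone. The log format (web server combined format), the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a combined-log-format entry: "GET /path?query HTTP/1.1"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters a browser treats as markup if the value is reflected unencoded.
MARKUP_RE = re.compile(r'[<>"\']')
TARGET_PATH = "/module/releasecontrol"


def decode_fully(value, max_rounds=3):
    """Undo nested percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_release_values(log_line):
    """Return the decoded 'release' values in this log line that contain markup."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if url.path.rstrip("/") != TARGET_PATH:
        return []
    hits = []
    for raw in parse_qs(url.query, keep_blank_values=True).get("release", []):
        value = decode_fully(raw)  # parse_qs has already decoded one layer
        if MARKUP_RE.search(value):
            hits.append(value)
    return hits


# Constructed sample log lines (not taken from a real device).
SAMPLE_LOG = [
    '10.0.0.5 - - [02/Mar/2015:10:00:01 +0000] "GET /module/releasecontrol?release=1:aaa:aaaaaaa HTTP/1.1" 200 512',
    '10.0.0.9 - - [02/Mar/2015:10:00:07 +0000] "GET /module/releasecontrol?release=1:aaa:aaaaaaa%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 640',
    '10.0.0.9 - - [02/Mar/2015:10:00:09 +0000] "GET /module/releasecontrol?release=1:aaa:%253Cb%253E HTTP/1.1" 200 640',
    '10.0.0.7 - - [02/Mar/2015:10:00:11 +0000] "GET /other/page?release=%3Cb%3E HTTP/1.1" 200 128',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for value in suspicious_release_values(line):
            print("ALERT release parameter carries markup:", value)
```

The check only matches the path and parameter named in the advisory, so the last sample line (a different path) is ignored even though its value contains markup.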
