Summary
FortiOS 5.0.5 and earlier versions contain a cross-site scripting vulnerability. The mkey parameter in the URL /firewall/schedule/recurrdlg is vulnerable to a reflected cross-site scripting attack.
Impact
A remote unauthenticated attacker may be able to execute arbitrary script in the context of the end-user's browser session.
Solution
Upgrade to FortiOS 5.0.6 or higher.
Affected
FortiOS 5.0.5 and lower.
Detection
Check the installed FortiOS version.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2013-7182
CVSS Base Score: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N