Multiple cross-site scripting (XSS) vulnerabilities in admin/FEAdmin.html in Fortinet FortiMail before 4.3.4 on FortiMail Identity-Based Encryption (IBE) appliances allow user-assisted remote attackers to inject arbitrary web script or HTML via (1) the Add field for the Black List under Antispam Management User Preferences or (2) the User name field for the Personal Black/White List in the AntiSpam section.
References
Link | Resource |
---|---|
http://www.fortiguard.com/advisory/FG-IR-013-001.html | Vendor Advisory |
http://www.vulnerability-lab.com/get_content.php?id=701 | |
http://www.youtube.com/watch?v=5d7cIaM80oY | Exploit |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-10-03T16:14:48
Updated: 2022-10-03T16:14:48
Reserved: 2022-10-03T00:00:00
Link: CVE-2013-1471
JSON object: View
NVD Information
Status : Analyzed
Published: 2013-02-04T19:55:01.833
Modified: 2013-02-08T05:00:00.000
Link: CVE-2013-1471
JSON object: View
Redhat Information
No data.
CWE