CVE-2017-7335

CVE Database · CVE-2017-7335

CVE-2017-7335

· N/AModified

CVSS v3.1

N/A

EPSS

0.54%

Published

Oct 26, 2017

Modified

May 12, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A Cross-Site Scripting (XSS) vulnerability in Fortinet FortiWLC 6.1-x (6.1-2, 6.1-4 and 6.1-5); 7.0-x (7.0-7, 7.0-8, 7.0-9, 7.0-10); and 8.x (8.0, 8.1, 8.2 and 8.3.0-8.3.2) allows an authenticated user to inject arbitrary web script or HTML via non-sanitized parameters "refresh" and "branchtotable" present in HTTP POST requests.

Weaknesses (CWE)

CWE-79

Affected Products (13)

fortinet · fortiwlcvulnerable

References (4)

http://www.securityfocus.com/bid/101287

Third Party AdvisoryVDB Entry

https://fortiguard.com/psirt/FG-IR-17-106

Vendor Advisory

http://www.securityfocus.com/bid/101287

Third Party AdvisoryVDB Entry

https://fortiguard.com/psirt/FG-IR-17-106

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs