CVE-2018-1355

CVE Database · CVE-2018-1355

CVE-2018-1355

· N/AModified

CVSS v3.1

N/A

EPSS

1.62%

Published

Jun 27, 2018

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows attacker to inject script code during converting a HTML table to a PDF document under the FortiView feature. An attacker may be able to social engineer an authenticated user into generating a PDF file containing injected malicious URLs.

Weaknesses (CWE)

CWE-601

Affected Products (4)

fortinet · fortianalyzervulnerable

fortinet · fortimanagervulnerable

References (8)

http://www.securityfocus.com/bid/104546

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1041184

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1041185

Third Party AdvisoryVDB Entry