Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in admin/FEAdmin.html in Fortinet FortiMail before 4.3.4 on FortiMail Identity-Based Encryption (IBE) appliances allow user-assisted remote attackers to inject arbitrary web script or HTML via (1) the Add field for the Black List under Antispam Management User Preferences or (2) the User name field for the Personal Black/White List in the AntiSpam section.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | Fortimail | <= 4.0 |
| Fortinet | Fortimail-2000B | - |
| Fortinet | Fortimail-200D | - |
| Fortinet | Fortimail-400C | - |
| Fortinet | Fortimail-5002B | - |
| Fortinet | Fortimail-Vm2000 | - |
Related Weaknesses (CWE)
References
- http://www.fortiguard.com/advisory/FG-IR-013-001.html (Vendor Advisory)
- http://www.vulnerability-lab.com/get_content.php?id=701
- http://www.youtube.com/watch?v=5d7cIaM80oY (Exploit)
FAQ
What is CVE-2013-1471?
CVE-2013-1471 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in admin/FEAdmin.html in Fortinet FortiMail before 4.3.4 on FortiMail Identity-Based Encryption (IBE) appliances allow user-assisted remote attacker...
How severe is CVE-2013-1471?
CVE-2013-1471 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-1471?
Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Fortimail, Fortinet Fortimail-2000B, Fortinet Fortimail-200D, Fortinet Fortimail-400C, Fortinet Fortimail-5002B.