Fortinet FortiAuthenticator XSS Vulnerability: Unauthorized Script Execution via CSRF Validation Failure

Fortinet FortiAuthenticator XSS Vulnerability: Unauthorized Script Execution via CSRF Validation Failure

CVE-2018-9186 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

A cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator in versions 4.0.0 to before 5.3.0 "CSRF validation failure" page allows attacker to execute unauthorized script code via inject malicious scripts in HTTP referer header.

Learn more about our Cis Benchmark Audit For Fortinet.