Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator in versions 4.0.0 to before 5.3.0 "CSRF validation failure" page allows attacker to execute unauthorized script code via inject malicious scripts in HTTP referer header.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Fortinet FortiAuthenticator 跨站脚本漏洞
Vulnerability Description
Fortinet FortiAuthenticator是美国飞塔(Fortinet)公司的系列安全认证软件,它可与FortiToken(双因子认证令牌)结合,向通过RADIUS或LDAP认证的第三方设备提供安全的双因子验证。 Fortinet FortiAuthenticator 5.3.0之前版本中的‘跨站请求伪造验证失败’页面存在跨站脚本漏洞。远程攻击者可通过向HTTP referer包头中注入恶意的脚本利用该漏洞执行未授权的脚本代码。
CVSS Information
N/A
Vulnerability Type
N/A