Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-8617

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2014-8617
Last Modified 11 Mar 2015 10:01:15
Published 04 Mar 2015 02:59:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-8617

Summary

Cross-site scripting (XSS) vulnerability in the Web Action Quarantine Release feature in the WebGUI in Fortinet FortiMail before 4.3.9, 5.0.x before 5.0.8, 5.1.x before 5.1.5, and 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via the release parameter to module/releasecontrol.

Vulnerable Systems

Application

  • Fortinet Fortimail 4.3.8

  • Fortinet Fortimail 5.0

  • Fortinet Fortimail 5.0.1

  • Fortinet Fortimail 5.0.2

  • Fortinet Fortimail 5.0.3

  • Fortinet Fortimail 5.0.4

  • Fortinet Fortimail 5.0.5

  • Fortinet Fortimail 5.0.6

  • Fortinet Fortimail 5.0.7

  • Fortinet Fortimail 5.1

  • Fortinet Fortimail 5.1.1

  • Fortinet Fortimail 5.1.2

  • Fortinet Fortimail 5.1.3

  • Fortinet Fortimail 5.1.4

  • Fortinet Fortimail 5.2

  • Fortinet Fortimail 5.2.1

  • Fortinet Fortimail 5.2.2


References

CONFIRM - http://www.fortiguard.com/advisory/FG-IR-15-005/

FULLDISC - 20150302 XSS Reflected vulnerabilities in Fortimail version 5.2.1 (CVE-2014-8617)

SECTRACK - 1031859


Last Updated: 27 May 2016 11:07:58