This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
The remote host is affected by multiple vulnerabilities.
The remote host is running a version of Fortinet FortiOS that is
affected by the following vulnerabilities :
- An open redirect vulnerability exists due to improper
validation of user-supplied input before using it in
redirects. An attacker can exploit this, via a specially
crafted link, to redirect a victim to an arbitrary
malicious website. (VulnDB 136049)
- A cross-site scripting (XSS) vulnerability exists due to
improper validation of user-supplied input to the
parameter used to govern redirects. An attacker can
exploit this, via a specially crafted request, to
execute arbitrary script code in a user's browser
session. (VulnDB 136050)
See also :
Upgrade to Fortinet FortiOS version 5.0.13 / 5.2.3 / 5.4.0 or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true