CVE-2017-3125

Summary

An unauthenticated XSS vulnerability with FortiMail 5.0.0 - 5.2.9 and 5.3.0 - 5.3.8 could allow an attacker to execute arbitrary scripts in the security context of the browser of a victim logged in FortiMail, assuming the victim is social engineered into clicking an URL crafted by the attacker.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiMail5.0.0 -> 5.2.9, 5.3.0 -> 5.3.8affected

Weaknesses

  • Information leak

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References