VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Feb 4, 2013· Updated Apr 29, 2026

CVE-2013-1471

CVE-2013-1471

Description

Multiple cross-site scripting (XSS) vulnerabilities in admin/FEAdmin.html in Fortinet FortiMail before 4.3.4 on FortiMail Identity-Based Encryption (IBE) appliances allow user-assisted remote attackers to inject arbitrary web script or HTML via (1) the Add field for the Black List under Antispam Management User Preferences or (2) the User name field for the Personal Black/White List in the AntiSpam section.

Affected products

8
  • Fortinet/Fortimail8 versions
    cpe:2.3:a:fortinet:fortimail:3.0:mr2:*:*:*:*:*:*+ 7 more
    • cpe:2.3:a:fortinet:fortimail:3.0:mr2:*:*:*:*:*:*
    • cpe:2.3:a:fortinet:fortimail:3.0:mr3:*:*:*:*:*:*
    • cpe:2.3:a:fortinet:fortimail:3.0:mr4:*:*:*:*:*:*
    • cpe:2.3:a:fortinet:fortimail:3.0:mr5:*:*:*:*:*:*
    • cpe:2.3:a:fortinet:fortimail:4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:fortinet:fortimail:4.0:mr1:*:*:*:*:*:*
    • cpe:2.3:a:fortinet:fortimail:4.0:mr2:*:*:*:*:*:*
    • cpe:2.3:a:fortinet:fortimail:*:mr3:*:*:*:*:*:*range: <=4.0

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.