VYPR
Medium severity6.1NVD Advisory· Published Jan 29, 2018· Updated Jun 17, 2026

CVE-2017-14190

CVE-2017-14190

Description

A Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.7, 5.2 and earlier, allows attacker to inject arbitrary web script or HTML via maliciously crafted "Host" header in user HTTP requests.

Affected products

2
  • Fortinet/Fortiosllm-fuzzy2 versions
    5.6.0 to 5.6.2, 5.4.0 to 5.4.7, 5.2 and earlier+ 1 more
    • (no CPE)range: 5.6.0 to 5.6.2, 5.4.0 to 5.4.7, 5.2 and earlier
    • (no CPE)range: 5.6.0 to 5.6.2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.