Medium severity5.4NVD Advisory· Published Oct 26, 2017· Updated May 13, 2026
CVE-2017-7335
CVE-2017-7335
Description
A Cross-Site Scripting (XSS) vulnerability in Fortinet FortiWLC 6.1-x (6.1-2, 6.1-4 and 6.1-5); 7.0-x (7.0-7, 7.0-8, 7.0-9, 7.0-10); and 8.x (8.0, 8.1, 8.2 and 8.3.0-8.3.2) allows an authenticated user to inject arbitrary web script or HTML via non-sanitized parameters "refresh" and "branchtotable" present in HTTP POST requests.
Affected products
13cpe:2.3:a:fortinet:fortiwlc:6.1-2:*:*:*:*:*:*:*+ 12 more
- cpe:2.3:a:fortinet:fortiwlc:6.1-2:*:*:*:*:*:*:*
- cpe:2.3:a:fortinet:fortiwlc:6.1-4:*:*:*:*:*:*:*
- cpe:2.3:a:fortinet:fortiwlc:6.1-5:*:*:*:*:*:*:*
- cpe:2.3:a:fortinet:fortiwlc:7.0-10:*:*:*:*:*:*:*
- cpe:2.3:a:fortinet:fortiwlc:7.0-7:*:*:*:*:*:*:*
- cpe:2.3:a:fortinet:fortiwlc:7.0-8:*:*:*:*:*:*:*
- cpe:2.3:a:fortinet:fortiwlc:7.0-9:*:*:*:*:*:*:*
- cpe:2.3:a:fortinet:fortiwlc:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:fortinet:fortiwlc:8.1:*:*:*:*:*:*:*
- cpe:2.3:a:fortinet:fortiwlc:8.2:*:*:*:*:*:*:*
- cpe:2.3:a:fortinet:fortiwlc:8.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:fortinet:fortiwlc:8.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:fortinet:fortiwlc:8.3.2:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.securityfocus.com/bid/101287nvdThird Party AdvisoryVDB Entry
- fortiguard.com/psirt/FG-IR-17-106nvdVendor Advisory
News mentions
0No linked articles in our index yet.