Medium severity5.4NVD Advisory· Published Sep 12, 2017· Updated Jun 17, 2026
CVE-2017-7735
CVE-2017-7735
Description
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2.0 through 5.2.11 and 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via the "Groups" input while creating or editing User Groups.
Affected products
18cpe:2.3:o:fortinet:fortios:5.2.0:*:*:*:*:*:*:*+ 16 more
- cpe:2.3:o:fortinet:fortios:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortios:5.2.1:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortios:5.2.10:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortios:5.2.11:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortios:5.2.2:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortios:5.2.3:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortios:5.2.4:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortios:5.2.5:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortios:5.2.6:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortios:5.2.7:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortios:5.2.8:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortios:5.2.9:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortios:5.4.0:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortios:5.4.1:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortios:5.4.2:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortios:5.4.3:*:*:*:*:*:*:*
- cpe:2.3:o:fortinet:fortios:5.4.4:*:*:*:*:*:*:*
- Fortinet, Inc./Fortinet FortiOSv5Range: FortiOS versions 5.2.0 through 5.2.11, and 5.4.0 through 5.4.4
Patches
Vulnerability mechanics
References
3- www.securityfocus.com/bid/99098nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1038705nvdThird Party AdvisoryVDB Entry
- fortiguard.com/advisory/FG-IR-17-127nvdMitigationVendor Advisory
News mentions
0No linked articles in our index yet.