Medium severity5.4NVD Advisory· Published Nov 22, 2017· Updated May 13, 2026

CVE-2017-7736

Description

A stored Cross-site Scripting (XSS) vulnerability in Fortinet FortiWeb webUI Certificate View page in 5.8.0, 5.7.1 and earlier, allows attackers to inject arbitrary web script or HTML via special crafted malicious certificate import.

Affected products

Fortinet/Fortiweb2 versions
cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*range: <=5.7.1
- cpe:2.3:a:fortinet:fortiweb:5.8.0:*:*:*:*:*:*:*
Fortinet, Inc./Fortinet FortiWebv5
Range: FortiWeb 5.8.0, 5.7.1 and earlier

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/101916nvdThird Party AdvisoryVDB Entry
fortiguard.com/advisory/FG-IR-17-131nvdIssue TrackingVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.351
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000