[+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/AS-FORTIMANAGER-XSS-0924.txt Vendor: ================================ www.fortinet.com Product: ================================ FortiManager v5.2.2 FortiManager is a centralized security management appliance that allows you to centrally manage any number of Fortinet Network Security devices. Vulnerability Type: =================== Multiple Cross Site Scripting ( XSS ) in FortiManager GUI http://www.fortiguard.com/advisory/multiple-xss-vulnerabilities-in-fortimanager-gui CVE Reference: ============== Pending Vulnerability Details: ===================== The Graphical User Interface (GUI) of FortiManager v5.2.2 is vulnerable to two reflected Cross-Site Scripting (XSS) vulnerabilities. 2 potential XSS vectors were identified: * XSS vulnerability in SOMVpnSSLPortalDialog. * XSS vulnerability in FGDMngUpdHistory. The Graphical User Interface (GUI) of FortiManager v5.2.3 is vulnerable to one reflected XSS vulnerability and one stored XSS vulnerability. 2 potential XSS vectors were identified: * XSS vulnerability in sharedjobmanager. * XSS vulnerability in SOMServiceObjDialog. Affected Products XSS items 1-2: FortiManager v5.2.2 or earlier. XSS items 3-4: FortiManager v5.2.3 or earlier. Solutions: =========== No workarounds are currently available. Update to FortiManager v5.2.4. Exploit code(s): =============== 1- Persistent: https://localhost/cgi-bin/module/sharedobjmanager/firewall/SOMServiceObjDialog?devGrpId=18446744073709551615&deviceId=18446744073709551615&vdom=&adomId=3&vdomID=0&adomType=ems&cate=167&prodId=0&key=ALL&catetype=167&cate=167&permit_w=1&roid=189&startIndex=0&results=50