.. / CVE-2015-1880

Exploit for Fortinet FortiOS <=5.2.3 - Cross-Site Scripting (CVE-2015-1880)

Description:

Fortinet FortiOS 5.2.x before 5.2.3 contains a cross-site scripting vulnerability in the SSL VPN login page which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Nuclei Template

View the template here CVE-2015-1880.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2015/CVE-2015-1880.yaml
Copy

References:

https://nvd.nist.gov/vuln/detail/CVE-2015-1880
http://www.securitytracker.com/id/1032262
http://www.fortiguard.com/advisory/FG-IR-15-005/
https://www.c2.lol/articles/xss-in-fortigates-ssl-vpn-login-page
http://www.securitytracker.com/id/1032261