FortiSwitch multiple XSS vulnerabilities in the jQuery library
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-18-013
Final
1
1
2019-04-10T00:00:00
Current version
2019-04-10T00:00:00
2019-04-10T00:00:00
FortiSwitch is vulnerable to multiple Cross-site Scripting (XSS) attacks present in the jQuery JavaScript library.
CVE-2015-9251: jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CVE-2012-6708: jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '
Cross-site Scripting (XSS)
CVE-2015-9251: FortiSwitch 6.0.0 to 6.0.1, 3.6.8 and below.
CVE-2012-6708: FortiSwitch 3.6.8 and below.
Upgrade to 6.0.2 or 3.6.9
FortiSwitch 6.0.2
FortiSwitch 6.0.1
FortiSwitch 3.6.8
CVE-2015-9251
CVE-2012-6708
FortiSwitch-6.0.2
FortiSwitch-6.0.1
FortiSwitch-3.6.8
4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:X/RL:X/RC:X
https://fortiguard.fortinet.com/psirt/FG-IR-18-013