cve/2017/CVE-2017-7736.md

### [CVE-2017-7736](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7736)
![](https://img.shields.io/static/v1?label=Product&message=Fortinet%20FortiWeb&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross-site%20Scripting%20(XSS)&color=brighgreen)

### Description

A stored Cross-site Scripting (XSS) vulnerability in Fortinet FortiWeb webUI Certificate View page in 5.8.0, 5.7.1 and earlier, allows attackers to inject arbitrary web script or HTML via special crafted malicious certificate import.

### POC

#### Reference
- https://fortiguard.com/advisory/FG-IR-17-131

#### Github
No PoCs found on GitHub currently.
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2017-7736](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7736)`
			`![](https://img.shields.io/static/v1?label=Product&message=Fortinet%20FortiWeb&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross-site%20Scripting%20(XSS)&color=brighgreen)`

			`### Description`

			`A stored Cross-site Scripting (XSS) vulnerability in Fortinet FortiWeb webUI Certificate View page in 5.8.0, 5.7.1 and earlier, allows attackers to inject arbitrary web script or HTML via special crafted malicious certificate import.`

			`### POC`

			`#### Reference`
			`- https://fortiguard.com/advisory/FG-IR-17-131`

			`#### Github`
			`No PoCs found on GitHub currently.`