- Added submission from Fortinet for FG-IR-17-168 from 2017-11-09.

2025-07-29 05:56:59 +00:00 · 2017-11-13 08:39:04 -05:00 · 2017-11-13 08:39:04 -05:00 · 372d9f452d
commit 372d9f452d
parent 16a6e636a2
1 changed files with 52 additions and 3 deletions
--- a/2017/7xxx/CVE-2017-7739.json
+++ b/2017/7xxx/CVE-2017-7739.json
@ -1,8 +1,38 @@
 {
   "CVE_data_meta" : {
-      "ASSIGNER" : "cve@mitre.org",
+      "ASSIGNER" : "psirt@fortinet.com",
+      "DATE_PUBLIC" : "2017-11-03T00:00:00",
      "ID" : "CVE-2017-7739",
-      "STATE" : "RESERVED"
+      "STATE" : "PUBLIC"
+   },
+   "affects" : {
+      "vendor" : {
+         "vendor_data" : [
+            {
+               "product" : {
+                  "product_data" : [
+                     {
+                        "product_name" : "FortiOS",
+                        "version" : {
+                           "version_data" : [
+                              {
+                                 "version_value" : "5.6.0"
+                              },
+                              {
+                                 "version_value" : "5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.1, 5.4.0"
+                              },
+                              {
+                                 "version_value" : "5.2.11, 5.2.10, 5.2.9, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name" : "Fortinet, Inc."
+            }
+         ]
+      }
   },
   "data_format" : "MITRE",
   "data_type" : "CVE",
@ -11,7 +41,26 @@
      "description_data" : [
         {
            "lang" : "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            "value" : "A reflected Cross-site Scripting (XSS) vulnerability in web proxy disclaimer response web pages in Fortinet FortiOS 5.6.0, 5.4.0 to 5.4.5, 5.2.0 to 5.2.11 allows an unauthenticated attacker to inject arbitrary web script or HTML in the context of the victim's browser via sending a maliciously crafted URL to the victim."
+         }
+      ]
+   },
+   "problemtype" : {
+      "problemtype_data" : [
+         {
+            "description" : [
+               {
+                  "lang" : "eng",
+                  "value" : "Cross-site Scripting (XSS)"
+               }
+            ]
+         }
+      ]
+   },
+   "references" : {
+      "reference_data" : [
+         {
+            "url" : "https://fortiguard.com/advisory/FG-IR-17-168"
         }
      ]
   }