CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-3978

The Web User Interface (WebUI) in FortiOS 5.0.x before 5.0.13, 5.2.x before 5.2.3, and 5.4.x before 5.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting (XSS) attacks via the "redirect" parameter to "login."

Exploit prediction scoring system (EPSS) score

EPSS Score 0.056

EPSS Ranking 89.9%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

Products affected by CVE-2016-3978

Fortinet » Fortios » Version: 5.0.0

cpe:2.3:o:fortinet:fortios:5.0.0
Fortinet » Fortios » Version: 5.0.1

cpe:2.3:o:fortinet:fortios:5.0.1
Fortinet » Fortios » Version: 5.0.10

cpe:2.3:o:fortinet:fortios:5.0.10
Fortinet » Fortios » Version: 5.0.11

cpe:2.3:o:fortinet:fortios:5.0.11
Fortinet » Fortios » Version: 5.0.12

cpe:2.3:o:fortinet:fortios:5.0.12
Fortinet » Fortios » Version: 5.0.2

cpe:2.3:o:fortinet:fortios:5.0.2
Fortinet » Fortios » Version: 5.0.3

cpe:2.3:o:fortinet:fortios:5.0.3
Fortinet » Fortios » Version: 5.0.4

cpe:2.3:o:fortinet:fortios:5.0.4
Fortinet » Fortios » Version: 5.0.5

cpe:2.3:o:fortinet:fortios:5.0.5
Fortinet » Fortios » Version: 5.0.6

cpe:2.3:o:fortinet:fortios:5.0.6
Fortinet » Fortios » Version: 5.0.7

cpe:2.3:o:fortinet:fortios:5.0.7
Fortinet » Fortios » Version: 5.0.8

cpe:2.3:o:fortinet:fortios:5.0.8
Fortinet » Fortios » Version: 5.0.9

cpe:2.3:o:fortinet:fortios:5.0.9
Fortinet » Fortios » Version: 5.2.0

cpe:2.3:o:fortinet:fortios:5.2.0
Fortinet » Fortios » Version: 5.2.1

cpe:2.3:o:fortinet:fortios:5.2.1
Fortinet » Fortios » Version: 5.2.2

cpe:2.3:o:fortinet:fortios:5.2.2
Fortinet » Fortios » Version: 5.4

cpe:2.3:o:fortinet:fortios:5.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-3978

Products

Pricing

Contact Us