{"containers":{"cna":{"affected":[{"product":"FortiAuthenticator","vendor":"Fortinet, Inc.","versions":[{"status":"affected","version":"below 5.3.0 versions"}]}],"datePublic":"2018-05-29T00:00:00.000Z","descriptions":[{"lang":"en","value":"A cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator in versions 4.0.0 to before 5.3.0 \"CSRF validation failure\" page allows attacker to execute unauthorized script code via inject malicious scripts in HTTP referer header."}],"problemTypes":[{"descriptions":[{"description":"Execute unauthorized code or commands","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2019-03-21T21:12:49.000Z","orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://fortiguard.com/advisory/FG-IR-18-059"},{"name":"104371","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/104371"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"psirt@fortinet.com","DATE_PUBLIC":"2018-05-29T00:00:00","ID":"CVE-2018-9186","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"FortiAuthenticator","version":{"version_data":[{"version_value":"below 5.3.0 versions"}]}}]},"vendor_name":"Fortinet, Inc."}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator in versions 4.0.0 to before 5.3.0 \"CSRF validation failure\" page allows attacker to execute unauthorized script code via inject malicious scripts in HTTP referer header."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Execute unauthorized code or commands"}]}]},"references":{"reference_data":[{"name":"https://fortiguard.com/advisory/FG-IR-18-059","refsource":"CONFIRM","url":"https://fortiguard.com/advisory/FG-IR-18-059"},{"name":"104371","refsource":"BID","url":"http://www.securityfocus.com/bid/104371"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-05T07:17:51.677Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://fortiguard.com/advisory/FG-IR-18-059"},{"name":"104371","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/104371"}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-10-23T14:00:20.619763Z","id":"CVE-2018-9186","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-25T14:09:37.923Z"}}]},"cveMetadata":{"assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","assignerShortName":"fortinet","cveId":"CVE-2018-9186","datePublished":"2018-05-31T22:00:00.000Z","dateReserved":"2018-04-02T00:00:00.000Z","dateUpdated":"2024-10-25T14:09:37.923Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}