{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-14T21:05:38.692","vulnerabilities":[{"cve":{"id":"CVE-2018-13375","sourceIdentifier":"psirt@fortinet.com","published":"2019-05-28T19:29:00.597","lastModified":"2024-11-21T03:46:58.900","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An Improper Neutralization of Script-Related HTML Tags in Fortinet FortiAnalyzer 5.6.0 and below and FortiManager 5.6.0 and below allows an attacker to send DHCP request containing malicious scripts in the HOSTNAME parameter. The malicious script code is executed while viewing the logs in FortiAnalyzer and FortiManager (with FortiAnalyzer feature enabled)."},{"lang":"es","value":"Una neutralización inapropiada de las etiquetas HTML relacionadas con scripting en Fortinet FortiAnalyzer versión 5.6.0 y anteriores y FortiManager versión 5.6.0 y anteriores, permite a un atacante enviar una petición DHCP que contenga scripts maliciosos en el parámetro HOSTNAME. El código script malicioso es ejecutado durante la visualización de los registros en FortiAnalyzer y FortiManager (con la función FortiAnalyzer habilitada)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N\/AC:M\/Au:N\/C:N\/I:P\/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*","versionEndIncluding":"5.6.0","matchCriteriaId":"3ADD2237-8F19-4579-9A09-830F043A3A2D"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*","versionEndIncluding":"5.6.0","matchCriteriaId":"DA5B6363-5F6A-495A-85A0-4463C48F5513"}]}]}],"references":[{"url":"https:\/\/fortiguard.com\/advisory\/FG-IR-18-121","source":"psirt@fortinet.com","tags":["Vendor Advisory"]},{"url":"https:\/\/fortiguard.com\/advisory\/FG-IR-18-121","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}