{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T13:10:58.435","vulnerabilities":[{"cve":{"id":"CVE-2018-9186","sourceIdentifier":"psirt@fortinet.com","published":"2018-05-31T22:29:00.253","lastModified":"2024-11-21T04:15:08.570","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator in versions 4.0.0 to before 5.3.0 \"CSRF validation failure\" page allows attacker to execute unauthorized script code via inject malicious scripts in HTTP referer header."},{"lang":"es","value":"Una vulnerabilidad Cross-Site Scripting (XSS) en Fortinet FortiAuthenticator, desde la versión 4.0.0 hasta antes de la 5.3.0, en la página \"CSRF validation failure\", permite que un atacante ejecute código script no autorizado mediante la inyección de scripts maliciosos en la cabecera referer HTTP."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiauthenticator:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"5.3.0","matchCriteriaId":"189DF9FD-8CC2-4362-873D-0A858DF08A33"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/104371","source":"psirt@fortinet.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://fortiguard.com/advisory/FG-IR-18-059","source":"psirt@fortinet.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/104371","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://fortiguard.com/advisory/FG-IR-18-059","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}