CVE-2014-8617
https://notcve.org/view.php?id=CVE-2014-8617
Cross-site scripting (XSS) vulnerability in the Web Action Quarantine Release feature in the WebGUI in Fortinet FortiMail before 4.3.9, 5.0.x before 5.0.8, 5.1.x before 5.1.5, and 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via the release parameter to module/releasecontrol. Vulnerabilidad de XSS en la característica Web Action Quarantine Release en la interfaz gráfica del usuario Web en Fortinet FortiMail anterior a 4.3.9, 5.0.x anterior a 5.0.8, 5.1.x anterior a 5.1.5, y 5.2.x anterior a 5.2.3 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML arbitrarios a través del parámetro release en module/releasecontrol. • http://seclists.org/fulldisclosure/2015/Mar/5 http://www.fortiguard.com/advisory/FG-IR-15-005 http://www.securitytracker.com/id/1031859 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •