Info

Risk: 3 Medium
Date: Jan 17 2014
Impact: Privilege Elevation
CVE ID: CVE-2014-1458
Fixed In Firmware: FortiWeb 5.0.4

FortiWeb Stored Cross-Site Scripting Vulnerability


Authenticated administrative users can store injected JavaScript content in a specific field on the web management interface. This JavaScript may be evaluated in the context of another administrative user who browses to the affected web page.

Affected Products

FortiWeb 5.0.3 and lower.

Solutions

Upgrade to FortiWeb 5.0.4 or higher.

Acknowledgement

Enrique E. Nissim from the ZConsulting team (http://www.zconsulting.com.ar)