Info

Risk: 3 Medium
Date: Feb 03 2014
Impact: Cross-site scripting
CVE ID: CVE-2013-7182
Fixed In Firmware: FortiOS 5.0.6

FortiGate Cross-Site Scripting Vulnerability


FortiOS 5.0.5 and earlier versions contain a cross-site scripting vulnerability. The mkey parameter in the URL /firewall/schedule/recurrdlg is vulnerable to a reflected cross-site scripting attack.

Impact

A remote unauthenticated attacker may be able to execute arbitrary script in the context of the end-user's browser session.

Affected Products

FortiOS 5.0.5 and lower.

Solutions

Upgrade to FortiOS 5.0.6 or higher.
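
For reviewing past requests to the URL and parameter named above, the following log check is an added example, not part of the original advisory or any Fortinet tooling. It assumes an HTTP access log in common/combined format from a device that sees management-interface requests, and it assumes legitimate mkey values are plain object names; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Path and parameter named in the advisory.
VULN_PATH = "/firewall/schedule/recurrdlg"
PARAM = "mkey"
# Assumption: legitimate mkey values are plain object names (letters, digits,
# space, dot, underscore, hyphen). Adjust to local naming conventions.
SAFE_VALUE = re.compile(r"[A-Za-z0-9 ._-]*")
# Request line of a common/combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_mkey(log_line):
    """Return the decoded mkey value if the line requests the advisory's URL
    with an mkey outside the allowlist, otherwise None."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if url.path.rstrip("/") != VULN_PATH:
        return None
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name != PARAM:
            continue
        # parse_qsl decodes once; decode again to catch double encoding.
        decoded = unquote(value)
        if not SAFE_VALUE.fullmatch(decoded):
            return decoded
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged log line."""
    return [(n, v) for n, line in enumerate(lines, 1)
            if (v := suspicious_mkey(line)) is not None]

# Constructed sample log lines (not taken from the advisory or a real device).
SAMPLE = [
    '192.0.2.10 - - [03/Feb/2014:10:00:00 +0000] "GET /firewall/schedule/recurrdlg?mkey=always HTTP/1.1" 200 512',
    '192.0.2.11 - - [03/Feb/2014:10:00:05 +0000] "GET /firewall/schedule/recurrdlg?mkey=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 540',
    '192.0.2.12 - - [03/Feb/2014:10:00:09 +0000] "GET /firewall/schedule/recurrdlg?mkey=%253Cb%253E HTTP/1.1" 200 530',
    '192.0.2.13 - - [03/Feb/2014:10:00:12 +0000] "GET /other/page?mkey=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for lineno, value in scan(SAMPLE):
        print(f"line {lineno}: suspicious mkey {value!r}")
```

A hit only shows that markup-like input was sent to the parameter; whether it was reflected depends on the firmware version serving the request.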

Acknowledgement

William Costa