Script Code Injection Vulnerability in FortiMail

Summary

FortiMail fails to sanitize user input. The vulnerability allows an attacker to bypass its input filtering routine, which could result in the execution of the injected script code.

Description

FortiMail fails to sanitize user input. The vulnerability allows an attacker to bypass its input filtering routine, which could result in the execution of the injected script code.

Impact Detail

An attacker could bypass the input filtering routine, then inject and execute arbitrary script code.

Affected Products

FortiMail 200D, 400C, VM2K, 2000B and 5002B.

Solutions

Restrict the user input to allowed characters.