At a glance:

IR Number FG-IR-012-007
Date Dec 3, 2012
Risk
Impact Cross Site Scripting
CVE ID CVE-2012-6347
CVRF Download

Potential Cross Site Scripting Vulnerability in FortiDB

Potential Cross Site Scripting Vulnerability in FortiDB

Summary

FortiDB does not sanitize user input properly under limited circumstances. The vulnerability could allow an attacker to inject malicious script code.

Description

FortiDB does not sanitize user input properly under limited circumstances. The vulnerability could allow an attacker to inject malicious script code.

Impact Detail

Persistent XSS. An authenticated login is required to carry out an attack. Exploitation requires low user inter action.

Affected Products

FortiDB-2000B FortiDB-1000C FortiDB-400C

Solutions

Upgrade to FortiDB v4.4.2.

Acknowledgement

Benjamin Kunz Mejri of Vulnerability Laboratory Research Team