PSIRT Advisories

FortiWeb Stored Cross-Site Scripting Vulnerability

description-logo Description

Authenticated administrative users can store injected Javascript content into a specific field on the web management interface. This Javascript may be evaluated in the context of another administrative user browsing to the affected web page.

Affected Products

FortiWeb 5.0.3 and lower.

Solutions

Upgrade to FortiWeb 5.0.4 or higher.

Acknowledgement

Enrique E. Nissim from the ZConsulting team (http://www.zconsulting.com.ar)