PSIRT Advisory
FortiWeb Stored Cross-Site Scripting Vulnerability
Description
Authenticated administrative users can store injected JavaScript content in a specific field on the web management interface. This JavaScript may be evaluated in the context of another administrative user who browses to the affected web page.
Impact
Privilege Elevation
Affected Products
FortiWeb 5.0.3 and lower.
Solutions
Upgrade to FortiWeb 5.0.4 or higher.
Acknowledgement
Enrique E. Nissim from the ZConsulting team (http://www.zconsulting.com.ar)