IR Number	FG-IR-14-002
Date	Feb 3, 2014
Risk
Impact	Cross-site scripting
CVE ID	CVE-2013-7181
CVRF	Download

Refine Search

PSIRT Advisories

FortiWeb Cross-Site Scripting Vulnerability

Description

Fortiweb 5.0.3 and earlier versions contain a cross-site scripting vulnerability. The filter parameter in the URL "/user/ldap_user/add" is vulnerable to cross-site scripting attack.

Impact Detail

A remote unauthenticated attacker may be able to execute arbitraryscript in the context of the end-user's browser session.

Affected Products

FortiWeb 5.0.3 and lower.

Solutions

Upgrade to FortiWeb 5.1.0 or higher.

Acknowledgement

William Costa

News / Research

Services

Threat Lookup

PSIRT

Resources