Description
FortiOS 5.0.5 and earlier versions contain a cross-site scripting vulnerability. The mkey parameter in the URL /firewall/schedule/recurrdlg is vulnerable to reflected cross-site scripting attack.
Impact Detail
A remote unauthenticated attacker may be able to execute arbitraryscript in the context of the end-user's browser session.
Affected Products
FortiOS 5.0.5 and lower.
Solutions
Upgrade to FortiOS 5.0.6 or higher.
Acknowledgement
William Costa