FortiADC Cross-Site Scripting Vulnerability

description-logo Description

The web administration interface on FortiADC D-series versions 3.2.0 and lower have a reflective cross-site scripting vulnerability in the locale parameter.

Impact Detail

Under certain conditions, an attacker may be able to execute arbitrary JavaScript content in the context of the end-user's browser session.

Affected Products

FortiADC D-series 3.2.0 and lower. This does not affect FortiADC E-series products.

Solutions

Upgrade to FortiADC D-series version 3.2.1 or higher.

Acknowledgement

William Costa