Description
The web administration interface on FortiADC D-series versions 3.2.0 and lower have a reflective cross-site scripting vulnerability in the locale parameter.
Impact Detail
Under certain conditions, an attacker may be able to execute arbitrary JavaScript content in the context of the end-user's browser session.
Affected Products
FortiADC D-series 3.2.0 and lower. This does not affect FortiADC E-series products.
Solutions
Upgrade to FortiADC D-series version 3.2.1 or higher.
Acknowledgement
William Costa