PSIRT Advisories

Multiple XSS vulnerabilities in FortiManager and FortiAnalyzer Web UI

Description

Prior to version 5.0.7, the Web User Interface of FortiManager and FortiAnalyzer contains multiple reflected Cross-Site Scripting (XSS) vulnerabilities.

Impact Detail

A remote unauthenticated attacker may be able to execute arbitrary scripts in the context of an authenticated user's browser session.

Affected Products

FortiManager and FortiAnalyzer < version 5.0.7

Solutions

Upgrade to 5.0.7 or above.

Acknowledgement

Oded Vanunu & Adi Volkovitz, Check Point Security Research Team.