PSIRT Advisory
Multiple XSS vulnerabilities in FortiManager GUI
Description
The Graphical User Interface (GUI) of FortiManager v5.2.2 is vulnerable to two reflected Cross-Site Scripting (XSS) vulnerabilities.
Two potential XSS vectors were identified:
* XSS vulnerability in SOMVpnSSLPortalDialog.
* XSS vulnerability in FGDMngUpdHistory.
The Graphical User Interface (GUI) of FortiManager v5.2.3 is vulnerable to one reflected XSS vulnerability and one stored XSS vulnerability.
Two potential XSS vectors were identified:
* XSS vulnerability in sharedjobmanager.
* XSS vulnerability in SOMServiceObjDialog.
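The distinction the advisory draws between reflected and stored XSS is about where the untrusted string enters: a reflected vector echoes a request parameter straight back into the response, while a stored vector persists the string (for example an object name saved through a dialog) and renders it to every later viewer. The following is an added illustration, not Fortinet code and not a description of the FortiManager GUI internals; the handler and object names are hypothetical. It shows both patterns in their unsafe form beside the corrected form, where the fix in each case is HTML-encoding at the point of output.

```python
import html
from urllib.parse import parse_qs, urlparse

# Constructed in-memory table standing in for persisted GUI objects.
# Hypothetical; not FortiManager code.
OBJECT_STORE = {}


def query_param(url, key, default=""):
    """Return the first value of `key` from the URL's query string (percent-decoded)."""
    values = parse_qs(urlparse(url).query).get(key)
    return values[0] if values else default


def reflected_unsafe(url):
    """Reflected XSS pattern: a request parameter is echoed into the page unencoded."""
    name = query_param(url, "name")
    return f"<h1>Portal: {name}</h1>"


def reflected_safe(url):
    """Hardened form: HTML-encode untrusted text before placing it in element content."""
    name = html.escape(query_param(url, "name"), quote=True)
    return f"<h1>Portal: {name}</h1>"


def save_object(object_id, display_name):
    """Persist a user-supplied object name (the write half of a stored XSS)."""
    OBJECT_STORE[object_id] = display_name


def stored_unsafe(object_id):
    """Stored XSS pattern: the persisted name is rendered raw to every later viewer."""
    return f"<td>{OBJECT_STORE[object_id]}</td>"


def stored_safe(object_id):
    """Hardened form: encode at output time, regardless of how the value was stored."""
    return f"<td>{html.escape(OBJECT_STORE[object_id], quote=True)}</td>"


def renders_script_tag(fragment):
    """Crude review check: does the rendered fragment still contain a live <script> opener?"""
    return "<script" in fragment.lower()


if __name__ == "__main__":
    # Constructed probe string; a harmless canary, not a working payload.
    probe = "<script>probe()</script>"
    url = "https://gui.example/portal?name=%3Cscript%3Eprobe()%3C/script%3E"
    save_object("svc-1", probe)
    for label, out in [
        ("reflected/unsafe", reflected_unsafe(url)),
        ("reflected/safe", reflected_safe(url)),
        ("stored/unsafe", stored_unsafe("svc-1")),
        ("stored/safe", stored_safe("svc-1")),
    ]:
        print(f"{label:17s} script-tag-present={renders_script_tag(out)}  {out}")
```

Note that the stored case is not fixed by validating input at save time alone: values already persisted before a fix, or written through another interface, still reach the page, so encoding on output is the control that closes both vectors. `html.escape` is correct only for element content and quoted attribute values; text placed inside a script block, a URL, or a CSS context needs the encoder for that context.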
Impact
XSS
Affected Products
XSS items 1-2 (SOMVpnSSLPortalDialog, FGDMngUpdHistory): FortiManager v5.2.2 or earlier.
XSS items 3-4 (sharedjobmanager, SOMServiceObjDialog): FortiManager v5.2.3 or earlier.
Solutions
Update to FortiManager v5.2.4. No workarounds are currently available.
Acknowledgement
Fortinet PSIRT wishes to thank John Page for his commitment to Responsible Disclosure by responsibly disclosing these issues to Fortinet.