PSIRT Advisories

XSS Vulnerability in FortiWeb Site Publisher

Summary

The Site Publisher functionality of FortiWeb has been found vulnerable to a Cross-Site Scripting vulnerability via an improperly sanitized parameter in a POST request.

Affected Products

FortiWeb versions below 5.7.1

Solutions

Upgrade to FortiWeb version 5.8.0