FortiWLC XSS injection via crafted HTTP POST request
The FortiWLC admin WebUI is affected by cross-site scripting (XSS) vulnerabilities, potentially exploitable by an authenticated user, via the unsanitized parameters "refresh" and "branchtotable" present in HTTP POST requests. A successful attack involves getting a targeted victim who has an open session on the WebUI to visit a malicious URL crafted by the attacker; because the affected parameters are carried in a POST request, the attacker's page has to cause the victim's browser to submit that request to the WebUI.
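The following is an added example, not code from FortiWLC or from Fortinet, illustrating the vulnerability class the advisory describes: a server-side page handler that reflects the POST parameters "refresh" and "branchtotable" into its HTML, once without sanitization (the vulnerable pattern) and once with context-appropriate output encoding and input validation. The page layout, the meaning assigned to the two parameters, the `renderVulnerable`/`renderHardened` functions and the test payload are all constructed for illustration; nothing here is taken from the real FortiWLC WebUI.

```javascript
// Added example (not FortiWLC code). Demonstrates reflected XSS through two
// POST parameters and the corresponding fix. Parameter semantics are assumed.

// Minimal HTML entity encoder, safe for element text and double-quoted
// attribute values.
function htmlEncode(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#x27;");
}

// Parse an application/x-www-form-urlencoded POST body into the two
// parameters named in the advisory.
function parseForm(body) {
  const params = new URLSearchParams(body);
  return {
    refresh: params.get("refresh") || "",
    branchtotable: params.get("branchtotable") || "",
  };
}

// Vulnerable pattern: parameter values are concatenated straight into markup.
// A value such as  "><svg onload=alert(1)>  closes the attribute and injects
// a new element, which the victim's browser executes in the WebUI origin.
function renderVulnerable(body) {
  const p = parseForm(body);
  return (
    `<meta http-equiv="refresh" content="${p.refresh}">` +
    `<h1>Branch: ${p.branchtotable}</h1>`
  );
}

// Hardened pattern: "refresh" is validated against the only shape it should
// have (a small integer; default assumed to be 30 seconds for this example)
// and "branchtotable" is entity-encoded before being reflected.
function renderHardened(body) {
  const p = parseForm(body);
  const refresh = /^\d{1,4}$/.test(p.refresh) ? p.refresh : "30";
  return (
    `<meta http-equiv="refresh" content="${refresh}">` +
    `<h1>Branch: ${htmlEncode(p.branchtotable)}</h1>`
  );
}

// Check a response the way a tester would: does the exact marker string come
// back unencoded? If it does, the parameter is reflected without sanitization.
function reflectsUnencoded(html, marker) {
  return html.includes(marker);
}

// Constructed test input: the same marker in both parameters, form-encoded as
// a browser would send it from an auto-submitted form.
const MARKER = '"><svg onload=alert(1)>';
const BODY =
  "refresh=" + encodeURIComponent(MARKER) +
  "&branchtotable=" + encodeURIComponent(MARKER);

// Stand-alone demonstration.
console.log("vulnerable reflects unencoded:",
  reflectsUnencoded(renderVulnerable(BODY), MARKER)); // true
console.log("hardened reflects unencoded:",
  reflectsUnencoded(renderHardened(BODY), MARKER));   // false
```

Output encoding at the point of reflection is what removes the XSS; a per-session anti-CSRF token on the form would additionally block the delivery step the advisory describes (a cross-origin page auto-submitting the POST on the victim's behalf), but it is not a substitute for encoding, since the same unsanitized reflection would remain reachable by any request that carries a valid token.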
Affected products:
FortiWLC 6.1-x (6.1-2, 6.1-4 and 6.1-5)
FortiWLC 7.0-x (7.0-7, 7.0-8, 7.0-9, 7.0-10)
FortiWLC 8.x (8.0, 8.1, 8.2 and 8.3.0-8.3.2)
Solutions:
For the FortiWLC 7.x branch, upgrade to 7.0.11 or a newer version.
For the FortiWLC 8.x branch, upgrade to 8.3.3 or a newer version.
No fixed release is listed for the 6.1-x branch; installations on 6.1-x should move to a fixed 7.x or 8.x release.
Fortinet is pleased to thank Ali Ardic (Cyber Security Specialist and Researcher - G.A.I.S.) for reporting this vulnerability under responsible disclosure.