PSIRT Advisory

FortiWeb Stored XSS vulnerability on webUI certificate view page

Summary

There exists a persistent Cross-site Scripting (XSS) vulnerability on FortiWeb's webUI Certificate View page, which can be triggered via malicious certificate import.

Impact

Cross-site Scripting (XSS)

Affected Products

FortiWeb version 5.8.0,  5.7.1 and below

Solutions

Upgrade to FortiWeb versions 5.8.1, 5.7.2 or above

Acknowledgement

Fortinet is pleased to thank independent researcher Hassan Kooshkaki for reporting this vulnerability under responsible disclosure.