PSIRT Advisories
FortiWeb Stored XSS vulnerability on webUI certificate view page
Summary
There exists a persistent Cross-site Scripting (XSS) vulnerability on FortiWeb's webUI Certificate View page, which can be triggered via malicious certificate import.
Affected Products
FortiWeb version 5.8.0, 5.7.1 and below
Solutions
Upgrade to FortiWeb versions 5.8.1, 5.7.2 or above
Acknowledgement
Fortinet is pleased to thank independent researcher Hassan Kooshkaki for reporting this vulnerability under responsible disclosure.