FortiCASB data pattern name XSS vulnerability
Summary
Failure to sanitize input in the customized data pattern webpage of FortiCASB may allow an authenticated attacker to conduct a stored XSS attack via the name parameter.
Affected Products
FortiCASB all versions below 4.1.0
Solutions
FortiCASB had been upgraded to 4.1.0 to address this issue.
Acknowledgement
Fortinet is pleased to thank Johnatan Camargo from PBI | Dynamic IT Security for reporting this vulnerability under responsible disclosure.