XSS vulnerability in FortiNAC admin webUI search field


An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in the FortiNAC admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI.

Affected Products

FortiNAC 8.3.0 to 8.3.6 and 8.5.0


Upgrade to FortiNAC 8.3.7 or 8.5.1


Fortinet is pleased to thank Johnatan Camargo from PBI | Dynamic IT Security for reporting this vulnerability under responsible disclosure.