XSS Vulnerability in Disclaimer Description of a Replacement Message in FortiWeb
Summary
An improper neutralization of input vulnerability in FortiWeb may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the Disclaimer Description of a Replacement Message.
Affected Products
FortiWeb version 6.2.2 and below.FortiWeb version 6.3.0.
Solutions
Please upgrade to FortiWeb version 6.2.3 or above Please upgrade to FortiWeb version 6.3.1 or aboveAcknowledgement
Fortinet is pleased to thank Danilo Costa from PBI for reporting this vulnerability under responsible disclosure.