An improper neutralization of input vulnerability in FortiWeb may allow a remote authenticated attacker to perform a stored cross-site scripting (XSS) attack via the Disclaimer Description of a Replacement Message.
Affected Products
FortiWeb version 6.2.2 and below.
FortiWeb version 6.3.0.
Solutions
Please upgrade to FortiWeb version 6.2.3 or above.
Please upgrade to FortiWeb version 6.3.1 or above.
Fortinet is pleased to thank Danilo Costa from PBI for reporting this vulnerability under responsible disclosure.