XSS vulnerability in the UserID of Admin Users in FortiNAC


An improper neutralization of input vulnerability in FortiNAC may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the UserID of Admin Users.

Affected Products

FortiNAC version 8.7.2 and below.


Please upgrade to FortiNAC 8.7.3 or above.


Fortinet is pleased to thank Johnatan Camargo from Itaú Unibanco for reporting this vulnerability under responsible disclosure.