PSIRT Advisory

XSS vulnerability in the UserID of Admin Users in FortiNAC

Summary

An improper neutralization of input vulnerability in FortiNAC may allow a remote authenticated attacker to perform a stored cross-site scripting (XSS) attack via the UserID of Admin Users.

Impact

Unauthorized code execution

Affected Products

FortiNAC version 8.7.2 and below.

Solutions

Please upgrade to FortiNAC 8.7.3 or above.

Acknowledgement

Fortinet is pleased to thank Johnatan Camargo from Itaú Unibanco for reporting this vulnerability under responsible disclosure.