PSIRT Advisories
XSS vulnerability in FortiManager and FortiAnalyzer
Summary
An improper neutralization of script-related HTML tags in a web page in FortiManager and FortiAnalyzer may allow an attacker to perform a cross-site scripting (XSS) attack via the Identity Provider name field.
Affected Products
FortiManager versions 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5 and 6.2.6
FortiAnalyzer versions 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5 and 6.2.6
Solutions
Please upgrade to FortiManager 6.4.0 or above
Please upgrade to FortiAnalyzer 6.4.0 or above