HTML Injection Vulnerability observed in FortiAnalyzer and FortiTester
Summary
An improper neutralization of input vulnerability in FortiAnalyzer and FortiTester may allow a remote authenticated attacker to inject script-related HTML tags via the Storage Connectors Name parameter and the IPv4/IPv6 address fields, respectively.
Affected Products
FortiAnalyzer versions 6.2.5, 6.4.1 and below.
FortiTester versions 3.8.0; 3.7.0 and below.
Solutions
Please upgrade to FortiAnalyzer version 6.2.6, 6.4.2 or above.
Please upgrade to FortiTester version 3.9.0 or above.