HTML Injection Vulnerability observed in FortiAnalyzer and FortiTester
An improper neutralization of input vulnerability in FortiAnalyzer and FortiTester may allow a remote authenticated attacker to inject script-related HTML tags via the Storage Connectors name parameter (FortiAnalyzer) and the IPv4/IPv6 address fields (FortiTester).
Unauthorized code execution
FortiAnalyzer versions 6.2.5, 6.4.1 and below.
Please upgrade to FortiAnalyzer version 6.2.6, 6.4.2 or above.
Fortinet is pleased to thank Researcher Johnatan Camargo and Researcher Danilo Costa for reporting this vulnerability under responsible disclosure.