FortiClientEMS - Authenticated Injection vulnerabilities


An improper neutralization of input vulnerability [CWE-79] in FortiClientEMS may allow a remote authenticated attacker to inject malicious script/tags via the name parameter of various sections of the server.

Affected Products

FortiClientEMS version 6.4.1 and below.


Please upgrade to FortiClientEMS version 6.4.2 or above, or to version 7.0.0 or above.


Fortinet is pleased to thank Danilo Costa for reporting this vulnerability under responsible disclosure.