FortiClientEMS - Authenticated Injection vulnerabilities

Summary

An improper neutralization of input vulnerability [CWE-79] in FortiClientEMS may allow a remote authenticated attacker to inject malicious script/tags via the name parameter of various sections of the server.

Affected Products

FortiClientEMS version 6.4.1 and below.

Solutions

Please upgrade to version 6.4.2 or above.
Please upgrade to version 7.0.0 or above.

Acknowledgement

Fortinet is pleased to thank Danilo Costa for reporting this vulnerability under responsible disclosure.