FortiProxy multiple pre-auth XSS vulnerabilities on SSL VPN

Summary

An Improper Neutralization of Input During Web Page Generation in the SSL VPN portal of FortiProxy may allow an unauthenticated, remote attacker to perform a reflected Cross Site Scripting attack (XSS) by injecting malicious payload in the error, message or redir parameters.

Affected Products

FortiProxy version 2.0.0
FortiProxy versions 1.2.8 and below.
FortiProxy versions 1.1 all versions
FortiProxy versions 1.0 all versions

Solutions

Please upgrade to FortiProxy versions 2.0.1 or above. Please upgrade to FortiProxy versions 1.2.9 or above.

Acknowledgement

Fortinet is pleased to thank Meh Chang and Orange Tsai from DEVCORE Security Research Team for reporting this vulnerability under responsible disclosure.