An Improper Neutralization of Input During Web Page Generation in the SSL VPN portal of FortiProxy may allow an unauthenticated, remote attacker to perform a reflected Cross Site Scripting attack (XSS) by injecting malicious payload in the error, message or redir parameters.
FortiProxy version 2.0.0
FortiProxy versions 1.2.8 and below.
FortiProxy versions 1.1 all versions
FortiProxy versions 1.0 all versions
Please upgrade to FortiProxy versions 2.0.1 or above. Please upgrade to FortiProxy versions 1.2.9 or above.