PSIRT Advisories
FortiMail - Cross-site scripting (XSS) in Webmail
Summary
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiMail Webmail may allow an unauthenticated attacker to trigger a cross-site scripting (XSS) attack by sending specially crafted mail messages.
Affected Products
FortiMail version 7.0.0 through 7.0.3
FortiMail version 6.4.0 through 6.4.7
FortiMail version 6.2.0 through 6.2.8
FortiMail version 6.0.0 through 6.0.12
Solutions
Please upgrade to FortiMail version 7.2.0 or above
Please upgrade to FortiMail version 7.0.4 or above