FortiMail - Cross-site scripting (XSS) in Webmail
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiMail Webmail may allow an unauthenticated attacker to trigger a cross-site scripting (XSS) attack via sending specially crafted mail messages.
Affected ProductsFortiMail version 7.0.0 through 7.0.3
FortiMail version 6.4.0 through 6.4.7
FortiMail version 6.2.0 through 6.2.8
FortiMail version 6.0.0 through 6.0.12
SolutionsPlease upgrade to FortiMail version 7.2.0 or above
Please upgrade to FortiMail version 7.0.4 or above