PSIRT Advisories

FortiWAN - Stored Cross-site scripting in log viewer

Summary

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiWAN may allow an attacker to perform a stored cross-site scripting attack via specifically crafted HTTP requests.

Affected Products

FortiWAN 4.5.8 and below.

Solutions

Upgrade to FortiWAN 4.5.9 or above

Acknowledgement

Internally discovered by Giuseppe Cocomazzi of Fortinet PSIRT.