Fortiguard

FortiProxy & FortiOS - XSS vulnerability in Web Filter Block Override Form

Summary

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiProxy and FortiOS web filter override form may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests.

Affected Products

FortiOS version 7.0.3 and below,
FortiOS version 6.4.8 and below,
FortiOS version 6.2.10 and below,
FortiOS version 6.0.14 to 6.0.0.

FortiProxy version 7.0.1 and below,
FortiProxy version 2.0.7 to 2.0.0.

Solutions

Please upgrade to FortiOS version 7.0.4 or above
Please upgrade to FortiOS version 6.4.9 or above
Please upgrade to FortiOS version 6.2.11 or above
Please upgrade to FortiProxy version 7.0.2 or above
Please upgrade to FortiProxy version 2.0.8 or above

Acknowledgement

Fortinet is pleased to thank Tom Tervoort for bringing this issue to our attention under responsible disclosure.

IR Number	FG-IR-21-230
Date	May 3, 2022
Severity	Medium
CVSSv3 Score	6
Impact	Unauthorized code execution
CVE ID	CVE-2021-43081
CVRF	Download

Network

Files and Endpoint

Application

Additional SOC Services

PSIRT Advisories

FortiProxy & FortiOS - XSS vulnerability in Web Filter Block Override Form

Summary

Affected Products

Solutions

Acknowledgement

News / Research

Network

Files and Endpoint

Application

Additional SOC Services

FortiGate

FortiDeceptor

FortiClient

FortiMail

FortiEDR

FortiADC

FortiAnalyzer

FortiCWP

FortiWeb

FortiNDR

FortiSandBox

FortiTester

Threat Lookup

PSIRT

Resources

PSIRT Advisories

FortiProxy & FortiOS - XSS vulnerability in Web Filter Block Override Form

Summary

Affected Products

Solutions

Acknowledgement