FortiNAC - Multiple Stored and Reflected XSS


Several improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests.


Please upgrade to FortiNAC-F version 7.2.0 or above,
Please upgrade to FortiNAC version 9.4.2 or above


Internally discovered and reported by Giulia Clerici of the Fortinet Product Security team.