FortiNAC - Multiple reflected cross-site scripting vulnerabilities in portal UI


Multiple improper neutralization of input during web page generation ('Cross-site Scripting') vulnerabilities [CWE-79] in FortiNAC portal UI may allow an attacker to perform an XSS attack via crafted HTTP requests.

Affected Products

FortiNAC version 9.4.0 through 9.4.1
FortiNAC 9.2 all versions
FortiNAC 9.1 all versions
FortiNAC 8.8 all versions
FortiNAC 8.7 all versions
FortiNAC 8.6 all versions


Please upgrade to FortiNAC-F version 7.2.0 or above
Please upgrade to FortiNAC version 9.4.2 or above


Internally discovered and reported by Théo Leleu of Fortinet Product Security team.