FortiPortal - XSS observed on policy column settings
Summary
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiPortal management interface may allow a remote authenticated attacker to perform a stored cross site scripting (XSS) attack via sending request with specially crafted columnindex parameter.
Affected Products
FortiPortal version 6.0.0 through 6.0.11
FortiPortal 5.3 all versions
FortiPortal 5.2 all versions
FortiPortal 5.1 all versions
FortiPortal 5.0 all versions