FortiADC - Cross-Site Scripting in Fabric Connectors

Summary

An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiADC may allow an authenticated attacker to perform a cross-site scripting attack via crafted HTTP requests.

Version Affected Solution
FortiADC 7.1 7.1.0 through 7.1.1 Upgrade to 7.1.2 or above
FortiADC 7.0 7.0.0 through 7.0.3 Upgrade to 7.0.4 or above
FortiADC 6.2 6.2.0 through 6.2.5 Upgrade to 6.2.6 or above

Timeline

2023-03-21: Initial publication