PSIRT Advisories

FortiWeb - Insufficient protections against XSS and CSRF


A protection mechanism failure [CWE-693] vulnerability in FortiWeb may allow an attacker to bypass XSS and CSRF protections.

Affected Products

FortiWeb version 7.2.0 through 7.2.1
FortiWeb version 7.0.0 through 7.0.6
FortiWeb 6.4 all versions
FortiWeb 6.3 all versions


Please upgrade to FortiWeb version 7.2.2 or above
Please upgrade to FortiWeb version 7.0.7 or above


Internally discovered and reported by Gwendal Guégniaud of Fortinet Product Security team.


2023-09-05: Initial publication