Insufficient protections against XSS and CSRF
Summary
A protection mechanism failure [CWE-693] vulnerability in FortiWeb may allow an attacker to bypass XSS and CSRF protections.
Version | Affected | Solution |
---|---|---|
FortiWeb 7.2 | 7.2.0 through 7.2.1 | Upgrade to 7.2.2 or above |
FortiWeb 7.0 | 7.0.0 through 7.0.6 | Upgrade to 7.0.7 or above |
FortiWeb 6.4 | 6.4.0 through 6.4.3 | Upgrade to 6.4.4 or above |
FortiWeb 6.3 | 6.3.6 through 6.3.23 | Upgrade to 6.3.24 or above |
Acknowledgement
Internally discovered and reported by Gwendal Guégniaud of Fortinet Product Security team.Timeline
2023-09-05: Initial publication