An improper neutralization of script-related HTML tags in a web page vulnerability [CWE-80] in FortiOS may allow a remote authenticated attacker to inject script related HTML tags via the SAML and Security Fabric components.
|Upgrade to 7.4.0 or above
|7.2.0 through 7.2.5
|Upgrade to 7.2.6 or above
AcknowledgementInternally discovered and reported by William Costa from Fortinet's CSE team
2023-10-10: Initial publication