PSIRT Advisories
FortiOS & FortiProxy - Stored XSS in guest management page
Summary
An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in the FortiOS and FortiProxy GUI may allow an authenticated attacker to trigger malicious JavaScript code execution via a crafted guest management setting.
Major Version | Affected Products | Solutions |
---|---|---|
7.2 | FortiProxy version 7.2.0 through 7.2.4 | Please upgrade to FortiProxy version 7.2.5 or above |
7.0 | FortiProxy version 7.0.0 through 7.0.10 | Please upgrade to FortiProxy version 7.0.11 or above |
7.2 | FortiOS version 7.2.0 through 7.2.4 | Please upgrade to FortiOS version 7.2.5 or above |
7.0 | FortiOS version 7.0.0 through 7.0.11 | Please upgrade to FortiOS version 7.0.12 or above |
6.4 | FortiOS version 6.4.0 through 6.4.12 | Please upgrade to FortiOS version 6.4.13 or above |
6.2 | FortiOS version 6.2.0 through 6.2.14 | Please upgrade to FortiOS version 6.2.15 or above |