FortiWeb Stored Cross-Site Scripting Vulnerability
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-14-001
Final
1
1
2014-01-17T00:00:00
Current version
2014-01-17T00:00:00
2014-01-17T00:00:00
Authenticated administrative users can store injected JavaScript content in a specific field of the web management interface. This JavaScript may be evaluated in the context of another administrative user who browses to the affected web page.
Privilege Elevation
FortiWeb 5.0.3 and lower.
Upgrade to FortiWeb 5.0.4 or higher.
Enrique E. Nissim from the ZConsulting team (http://www.zconsulting.com.ar)
CVE-2014-1458
https://fortiguard.fortinet.com/psirt/FG-IR-14-001