Multiple products cross-site scripting vulnerabilities Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-15-005 Final 1 1 2015-02-25T00:00:00 Current version 2015-02-25T00:00:00 2015-02-25T00:00:00 The Web User Interface of FortiGate, FortiManager, FortiAnalyzer, FortiMail and FortiADC D models are vulnerable to reflected cross-site scripting vulnerabilities.Starting from FortiOS 5.2.0, three XSS are present in the sslvpn login page (CVE-2015-1880), user group (CVE-2014-8616) and the vpn template menus (CVE-2014-8616).Starting from FortiManager 5.0.3, there is a XSS located in the advanced dataset reports page when the FortiAnalyzer feature is activated (CVE-2015-3620).Starting from FortiAnalyzer 5.0.0 to 5.0.10 and 5.2.0 and 5.2.1, there is a XSS located in the advanced dataset reports page (CVE-2015-3620).All fortimail versions contains one XSS in web action quarantine release feature (CVE-2014-8617).Between versions 5.1.2 and 5.3.4 included, FortiWeb contains two XSS in the autolearn configuration page (CVE-2014-8619).Prior to version 4.2, FortiADC D models contains one XSS in the theme login page (CVE-2014-8618). The Web User Interface of FortiGate, FortiManager, FortiAnalyzer, FortiMail and FortiADC D models are vulnerable to reflected cross-site scripting vulnerabilities. Starting from FortiOS 5.2.0, three XSS are present in the sslvpn login page (CVE-2015-1880), user group (CVE-2014-8616) and the vpn template menus (CVE-2014-8616). Starting from FortiManager 5.0.3, there is a XSS located in the advanced dataset reports page when the FortiAnalyzer feature is activated (CVE-2015-3620). Starting from FortiAnalyzer 5.0.0 to 5.0.10 and 5.2.0 and 5.2.1, there is a XSS located in the advanced dataset reports page (CVE-2015-3620). All fortimail versions contains one XSS in web action quarantine release feature (CVE-2014-8617). Between versions 5.1.2 and 5.3.4 included, FortiWeb contains two XSS in the autolearn configuration page (CVE-2014-8619). Prior to version 4.2, FortiADC D models contains one XSS in the theme login page (CVE-2014-8618). Cross-Site Scripting (reflected) FortiGate, FortiManager, FortiAnalyzer, FortiMail, FortiWeb, FortiADC D models only. Upgrade to FortiOS 5.2.3 or aboveFortiManager 5.0.3 through v5.0.10: A fix will be included in upcoming version v5.0.11. Alternatively, one may upgrade to v5.2.2, which is already available.FortiManager 5.2 through 5.2.1: Upgrade FortiManager to 5.2.2FortiAnalyzer 5.0.0 through 5.0.10: A fix will be included in upcoming version v5.0.11. Alternatively, one may upgrade to v5.2.2, which is already available.FortiAnalyzer 5.2 through 5.2.1: Upgrade FortiAnalyzer to 5.2.2Upgrade to FortiMail 4.3.9 / 5.0.8 / 5.1.5 / 5.2.3 or aboveUpgrade to FortiWeb 5.3.5 or aboveUpgrade to FortiADC 4.2 or above Jared HaightWilliam CostaBenjamin Kunz Mejri (Vulnerability Laboratory, Evolution Security GmbH) CVE-2014-8616 CVE-2014-8617 CVE-2014-8618 CVE-2014-8619 CVE-2015-1880 CVE-2015-3620 https://fortiguard.fortinet.com/psirt/FG-IR-15-005 Multiple products cross-site scripting vulnerabilities Reference>