Unauthenticated XSS (Cross Site Scripting) in FortiMail Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-17-011 Final 1 1 2017-04-04T00:00:00 Current version 2017-04-04T00:00:00 2017-04-04T00:00:00 An unauthenticated XSS vulnerability could allow an attacker to execute arbitrary scripts in thesecurity context of the browser of a victim logged in FortiMail, assuming the victim is socialengineered into clicking an URL crafted by the attacker. An unauthenticated XSS vulnerability could allow an attacker to execute arbitrary scripts in the security context of the browser of a victim logged in FortiMail, assuming the victim is social engineered into clicking an URL crafted by the attacker. Execute unauthorized code or commands FortiMail 5.0.0 -> 5.2.9,5.3.0 -> 5.3.8 Upgrade to FortiMail 5.3.9 Fortinet is pleased to thank Ebrahim Hegazy for reporting this vulnerability under responsible disclosure CVE-2017-3125 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:X/RC:X https://fortiguard.fortinet.com/psirt/FG-IR-17-011 Unauthenticated XSS (Cross Site Scripting) in FortiMail Reference>