Stored XSS vulnerability in the firewall policy global-label parameter Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-17-057 Final 1 1 2017-05-17T00:00:00 Current version 2017-05-17T00:00:00 2017-05-17T00:00:00 FortiOS is subject to a Cross-Site Scripting vulnerability, due to an improperly sanitized parameter in a hidden CLI configuration setting named 'global-label' . This can however only be exploited by an administrator with write privileges. Execute unauthorized code or commands FortiOS versions 5.2.0 through 5.2.10FortiOS 5.0 all versionsFortiOS version 4.3.x is NOT vulnerable Please upgrade to FortiOS versions 5.2.11 or above.Please upgrade to FortiOS versions 5.4.0 or above. Fortinet is pleased to thank Mohamed Keffous from CAP GEMINI/SOGETI for reporting this vulnerability under responsible disclosure. CVE-2017-3128 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:X/RC:X https://fortiguard.fortinet.com/psirt/FG-IR-17-057 Stored XSS vulnerability in the firewall policy global-label parameter Reference>