CVE-2017-7335 WLC Management 8-2-4-0 XSS Vulnerability Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-17-106 Final 1 1 2017-10-13T00:00:00 Current version 2017-10-13T00:00:00 2017-10-13T00:00:00 The FortiWLC admin webUI is affected by XSS vulnerabilities, potentially exploitable by an authenticated user, via non-sanitized parameters "refresh" and "branchtotable" present in HTTP POST requests. A successful attack would involve getting a targeted victim with an open session on the WebUI to visit a malicious URL crafted by the attacker. Execute unauthorized code or commands FortiWLC 6.1-x (6.1-2, 6.1-4 and 6.1-5)FortiWLC 7.0-x (7.0-7, 7.0-8, 7.0-9, 7.0-10)FortiWLC 8.x (8.0, 8.1, 8.2 and 8.3.0-8.3.2) For FortiWLC 7.x branch, upgrade to 7.0.11 or newer versions.For FortiWLC 8.x branch, upgrade to 8.3.3 or newer versions. Fortinet is pleased to thank Ali Ardic (Cyber Security Specialist and Researcher - G.A.I.S.) for reporting this vulnerability under responsible disclosure. CVE-2017-7335 0 https://fortiguard.fortinet.com/psirt/FG-IR-17-106 CVE-2017-7335 WLC Management 8-2-4-0 XSS Vulnerability Reference>