FortiWeb Stored XSS vulnerability on webUI certificate view page
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-17-131
Final
1
1
2017-11-17T00:00:00
Current version
2017-11-17T00:00:00
2017-11-17T00:00:00
There exists a persistent Cross-site Scripting (XSS) vulnerability on FortiWeb's webUI Certificate View page, which can be triggered via malicious certificate import.
Cross-site Scripting (XSS)
FortiWeb versions 5.8.0, 5.7.1 and below
Upgrade to FortiWeb versions 5.8.1, 5.7.2 or above
Fortinet is pleased to thank independent researcher Hassan Kooshkaki for reporting this vulnerability under responsible disclosure.
FortiWeb 5.8.0
FortiWeb 5.7.1
FortiWeb 5.7.0
FortiWeb 5.6.2
FortiWeb 5.6.1
FortiWeb 5.6.0
CVE-2017-7736
FortiWeb-5.8.0
FortiWeb-5.7.1
FortiWeb-5.7.0
FortiWeb-5.6.2
FortiWeb-5.6.1
FortiWeb-5.6.0
0
https://fortiguard.fortinet.com/psirt/FG-IR-17-131