[CVE-2017-7736] XSS-Store and Tag Injection vulnerabilities on Import CA certificate Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-17-131 Final 1 1 2017-11-17T00:00:00 Current version 2017-11-17T00:00:00 2017-11-17T00:00:00 There exists a persistent Cross-site Scripting (XSS) vulnerability on FortiWeb's webUI Certificate View page, which can be triggered via malicious certificate import. Execute unauthorized code or commands FortiWeb version 5.8.0, 5.7.1 and below Upgrade to FortiWeb versions 5.8.1, 5.7.2 or above Fortinet is pleased to thank independent researcher Hassan Kooshkaki for reporting this vulnerability under responsible disclosure. CVE-2017-7736 0 https://fortiguard.fortinet.com/psirt/FG-IR-17-131 [CVE-2017-7736] XSS-Store and Tag Injection vulnerabilities on Import CA certificate Reference>