FortiManager XSS vuln. when view config under Revision History Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-18-006 Final 1 1 2018-06-22T00:00:00 Current version 2018-06-22T00:00:00 2018-06-22T00:00:00 A potential Cross-site Scripting (XSS) vulnerability exists in FortiManager: Displayed data is not sanitized when an administrator views the managed devices configuration, in the installation revision history of the GUI.The risk of successful exploitation is however low, because injection of malicious code needs to happen in the managed device’s CLI configurations, which are generally trusted. Execute unauthorized code or commands FortiManager 6.0.0, 5.6.6 and below. Upgrade to FortiManager 5.6.7, 6.0.1 or above.Revision History:2018-06-22 Initial version2019-11-22 Update 5.6 branch fix info. Fortinet is pleased to thank Sven Wandersleb, link protect GmbH reporting this vulnerability under responsible disclosure. CVE-2018-1351 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:X/RC:X https://fortiguard.fortinet.com/psirt/FG-IR-18-006 FortiManager XSS vuln. when view config under Revision History Reference>