data pattern name XSS in FortiCASB Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-19-001 Final 1 1 2019-05-15T00:00:00 Current version 2019-05-15T00:00:00 2019-05-15T00:00:00 Failure to sanitize input in the customized data pattern webpage of FortiCASB may allow an authenticated attacker to conduct a stored XSS attack via the name parameter. Execute unauthorized code or commands FortiCASB all versions below 4.1.0 FortiCASB had been upgraded to 4.1.0 to address this issue. Fortinet is pleased to thank Johnatan Camargo from PBI | Dynamic IT Security for reporting this vulnerability under responsible disclosure. 5.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:F/RL:X/RC:X https://fortiguard.fortinet.com/psirt/FG-IR-19-001 data pattern name XSS in FortiCASB Reference>