XSS Vulnerability in Disclaimer Description of a Replacement Message in FortiWeb
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-20-001
Final
1
1
2020-03-09T00:00:00
Current version
2020-03-09T00:00:00
2020-03-09T00:00:00
An improper neutralization of input vulnerability in FortiWeb may allow a remote authenticated attacker to perform a stored cross-site scripting (XSS) attack via the Disclaimer Description of a Replacement Message.
Unauthorized code execution
FortiWeb version 6.2.2 and below.
FortiWeb version 6.3.0.
Please upgrade to FortiWeb version 6.2.3 or above.
Please upgrade to FortiWeb version 6.3.1 or above.
Fortinet is pleased to thank Danilo Costa from PBI for reporting this vulnerability under responsible disclosure.
FortiMail 7.0.3
FortiMail 7.0.2
FortiMail 7.0.1
FortiMail 7.0.0
FortiWeb 6.3.0
FortiWeb 6.2.2
FortiWeb 6.2.1
FortiWeb 6.2.0
FortiWeb 6.1.4
FortiWeb 6.1.3
FortiWeb 6.1.2
FortiWeb 6.1.1
FortiWeb 6.1.0
FortiWeb 6.0.8
FortiWeb 6.0.7
FortiWeb 6.0.6
FortiWeb 6.0.5
FortiWeb 6.0.4
FortiWeb 6.0.3
FortiWeb 6.0.2
FortiWeb 6.0.1
FortiWeb 6.0.0
FortiWeb 5.9.2
FortiWeb 5.9.1
FortiWeb 5.9.0
CVE-2020-6646
4
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N/E:F/RL:X/RC:X
https://fortiguard.fortinet.com/psirt/FG-IR-20-001