[FortiNAC] XSS observed in UserID of Admin Users Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-20-002 Final 1 1 2020-09-23T00:00:00 Current version 2020-09-23T00:00:00 2020-09-23T00:00:00 An improper neutralization of input vulnerability in FortiNAC may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the UserID of Admin Users. Execute unauthorized code or commands FortiNAC version 8.7.2 and below. Please upgrade to FortiNAC 8.7.3 or above. Fortinet is pleased to thank Johnatan Camargo from Itaú Unibanco for reporting this vulnerability under responsible disclosure. CVE-2020-12816 4.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N/E:F/RL:X/RC:X https://fortiguard.fortinet.com/psirt/FG-IR-20-002 [FortiNAC] XSS observed in UserID of Admin Users Reference>