Injection vulnerabilities Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-20-027 Final 1 1 2021-10-05T00:00:00 Current version 2021-10-05T00:00:00 2021-10-05T00:00:00 An improper neutralization of input vulnerability [CWE-79] in FortiWebManager may allow a remote authenticated attacker to inject malicious script/tags via the name/description/comments parameter of various sections of the device. None Execute unauthorized code or commands FortiWebManager version 6.2.3 and below.FortiWebManager version 6.0.x. Please upgrade to FortiWebManager version 6.2.4 or above. Fortinet is pleased to thank Danilo Costa from Sigma Telecom for reporting this issue under responsible disclosure. CVE-2021-36175 4.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N/E:F/RL:X/RC:X https://fortiguard.fortinet.com/psirt/FG-IR-20-027 Injection vulnerabilities Reference>