Multiple reflected XSS

Multiple reflected XSS Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-21-054 Final 1 1 2021-08-03T00:00:00 Current version 2021-08-03T00:00:00 2021-08-03T00:00:00 Multiple improper neutralization of input during web page generation (CWE-79) in FortiManager and FortiAnalyzer user interface may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious payload in GET parameters. None Execute unauthorized code or commands FortiAnalyzer version 7.0.0FortiAnalyzer version 6.4.0 through 6.4.5FortiAnalyzer version 6.2.0 through 6.2.7FortiAnalyzer 6.0 all versionsFortiAnalyzer 5.6 all versions are not affectedFortiManager version 7.0.0FortiManager version 6.4.0 through 6.4.5FortiManager version 6.2.0 through 6.2.7FortiManager 6.0 all versionsFortiManager 5.6 all versions are not affected Please upgrade to FortiManager version 6.2.8.Please upgrade to FortiManager version 6.4.6.Please upgrade to FortiManager version 7.0.1.Please upgrade to FortiAnalyzer version 6.2.8.Please upgrade to FortiAnalyzer version 6.4.6.Please upgrade to FortiAnalyzer version 7.0.1. Fortinet is pleased to thank Clément Amic, Pierre Milioni and Adrien Peter from Synacktiv for reporting this vulnerability under responsible disclosure. FortiAnalyzer 7.0.0 FortiAnalyzer 6.4.5 FortiAnalyzer 6.4.4 FortiAnalyzer 6.4.3 FortiAnalyzer 6.4.2 FortiAnalyzer 6.4.1 FortiAnalyzer 6.4.0 FortiAnalyzer 6.2.7 FortiAnalyzer 6.2.6 FortiAnalyzer 6.2.5 FortiAnalyzer 6.2.4 FortiAnalyzer 6.2.3 FortiAnalyzer 6.2.2 FortiAnalyzer 6.2.1 FortiAnalyzer 6.2.0 FortiAnalyzer 6.0.12 FortiAnalyzer 6.0.11 FortiAnalyzer 6.0.10 FortiAnalyzer 6.0.9 FortiAnalyzer 6.0.8 FortiAnalyzer 6.0.7 FortiAnalyzer 6.0.6 FortiAnalyzer 6.0.5 FortiAnalyzer 6.0.4 FortiAnalyzer 6.0.3 FortiAnalyzer 6.0.2 FortiAnalyzer 6.0.1 FortiAnalyzer 6.0.0 FortiManager 7.0.0 FortiManager 6.4.5 FortiManager 6.4.4 FortiManager 6.4.3 FortiManager 6.4.2 FortiManager 6.4.1 FortiManager 6.4.0 FortiManager 6.2.7 FortiManager 6.2.6 FortiManager 6.2.5 FortiManager 6.2.4 FortiManager 6.2.3 FortiManager 6.2.2 FortiManager 6.2.1 FortiManager 6.2.0 FortiManager 6.0.12 FortiManager 6.0.11 FortiManager 6.0.10 FortiManager 6.0.9 FortiManager 6.0.8 FortiManager 6.0.7 FortiManager 6.0.6 FortiManager 6.0.5 FortiManager 6.0.4 FortiManager 6.0.3 FortiManager 6.0.2 FortiManager 6.0.1 FortiManager 6.0.0 Multiple reflected XSS CVE-2021-32597 FortiAnalyzer-7.0.0 FortiAnalyzer-6.4.5 FortiAnalyzer-6.4.4 FortiAnalyzer-6.4.3 FortiAnalyzer-6.4.2 FortiAnalyzer-6.4.1 FortiAnalyzer-6.4.0 FortiAnalyzer-6.2.7 FortiAnalyzer-6.2.6 FortiAnalyzer-6.2.5 FortiAnalyzer-6.2.4 FortiAnalyzer-6.2.3 FortiAnalyzer-6.2.2 FortiAnalyzer-6.2.1 FortiAnalyzer-6.2.0 FortiAnalyzer-6.0.12 FortiAnalyzer-6.0.11 FortiAnalyzer-6.0.10 FortiAnalyzer-6.0.9 FortiAnalyzer-6.0.8 FortiAnalyzer-6.0.7 FortiAnalyzer-6.0.6 FortiAnalyzer-6.0.5 FortiAnalyzer-6.0.4 FortiAnalyzer-6.0.3 FortiAnalyzer-6.0.2 FortiAnalyzer-6.0.1 FortiAnalyzer-6.0.0 FortiManager-7.0.0 FortiManager-6.4.5 FortiManager-6.4.4 FortiManager-6.4.3 FortiManager-6.4.2 FortiManager-6.4.1 FortiManager-6.4.0 FortiManager-6.2.7 FortiManager-6.2.6 FortiManager-6.2.5 FortiManager-6.2.4 FortiManager-6.2.3 FortiManager-6.2.2 FortiManager-6.2.1 FortiManager-6.2.0 FortiManager-6.0.12 FortiManager-6.0.11 FortiManager-6.0.10 FortiManager-6.0.9 FortiManager-6.0.8 FortiManager-6.0.7 FortiManager-6.0.6 FortiManager-6.0.5 FortiManager-6.0.4 FortiManager-6.0.3 FortiManager-6.0.2 FortiManager-6.0.1 FortiManager-6.0.0 4.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:P/RL:X/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-21-054 Multiple reflected XSS Reference>