FortiPortal - Reflected cross-site scripting due to wrong sanitization context Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-21-100 Final 1 1 2021-11-02T00:00:00 Current version 2021-11-02T00:00:00 2021-11-02T00:00:00 Multiple improper neutralization of input during web page generation vulnerabilities [CWE-79] in both the customer and provider interfaces of FortiPortal may allow an attacker to perform reflected Cross-site scripting attacks via specially crafted HTTP request parameters. None Execute unauthorized code or commands FortiPortal version 6.0.5 and below.FortiPortal version 5.3.6 and below.FortiPortal version 5.2.6 and below.FortiPortal version 5.1.2 and below.FortiPortal version 5.0.3 and below.FortiPortal version 4.2.4 and below.FortiPortal version 4.1.2 and below.FortiPortal version 4.0.4 and below. Upgrade to FortiPortal version 6.0.6 or above.Upgrade to FortiPortal version 5.3.7 or above.Upgrade to FortiPortal version 5.2.7 or above. Internally discovered and reported by Fortinet Product Security team. CVE-2021-36176 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:U/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-21-100 FortiPortal - Reflected cross-site scripting due to wrong sanitization context Reference>