FortiWLM - reflected cross-site scripting vulnerability in cgi_bin handlers
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-21-111
Final
1
1
2021-12-07T00:00:00
Current version
2021-12-07T00:00:00
2021-12-07T00:00:00
An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiWLM may allow an authenticated user to perform an XSS attack via crafted HTTP GET requests.
Execute unauthorized code or commands
FortiWLM version 8.6.2 and below
FortiWLM 8.2 all versions
FortiWLM 8.3 all versions
FortiWLM 8.4 all versions
FortiWLM 8.5 all versions
Upgrade to FortiWLM version 8.6.3 or above.
Internally discovered and reported by Mattia Fecit of Fortinet Product Security Team.
FortiWLM 8.6.2
FortiWLM 8.6.1
FortiWLM 8.6.0
FortiWLM 8.5.5
FortiWLM 8.5.4
FortiWLM 8.5.3
FortiWLM 8.5.2
FortiWLM 8.5.1
FortiWLM 8.5.0
FortiWLM 8.4.2
FortiWLM 8.4.1
FortiWLM 8.4.0
FortiWLM 8.3.2
FortiWLM 8.3.1
FortiWLM 8.3.0
FortiWLM 8.2.2
FortiWLM - reflected cross-site scripting vulnerability in cgi_bin handlers
CVE-2021-42752
FortiWLM-8.6.2
FortiWLM-8.6.1
FortiWLM-8.6.0
FortiWLM-8.5.5
FortiWLM-8.5.4
FortiWLM-8.5.3
FortiWLM-8.5.2
FortiWLM-8.5.1
FortiWLM-8.5.0
FortiWLM-8.4.2
FortiWLM-8.4.1
FortiWLM-8.4.0
FortiWLM-8.3.2
FortiWLM-8.3.1
FortiWLM-8.3.0
FortiWLM-8.2.2
5.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:X/RC:C
https://fortiguard.fortinet.com/psirt/FG-IR-21-111