Reflected cross-site scripting vulnerability in FortiGuard URI protection Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-21-185 Final 1 1 2022-02-01T00:00:00 Current version 2022-02-01T00:00:00 2022-02-01T00:00:00 An improper neutralization of input during web page generation vulnerability ('Cross-site Scripting') [CWE-79] in FortiMail may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests to the FortiGuard URI protection service. None Execute unauthorized code or commands FortiMail version 7.0.1 and belowFortiMail version 6.4.5 and belowFortiMail version 6.2.7 and below Upgrade to FortiMail version 7.0.2 or aboveUpgrade to FortiMail version 6.4.6 or aboveUpgrade to FortiMail version 6.2.8 or above Fortinet is pleased to thank Braiant Giraldo Villa for reporting this vulnerability under responsible disclosure. CVE-2021-43062 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:X/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-21-185 Reflected cross-site scripting vulnerability in FortiGuard URI protection Reference>