FortiPortal - Reflected cross-site scripting due to wrong sanitization context
Summary
Multiple improper neutralization of input during web page generation [CWE-79] vulnerabilities in both the customer and provider interfaces of FortiPortal may allow an attacker to perform reflected cross-site scripting attacks via specially crafted HTTP request parameters.
Affected Products
FortiPortal version 6.0.5 and below.
FortiPortal version 5.3.6 and below.
FortiPortal version 5.2.6 and below.
FortiPortal version 5.1.2 and below.
FortiPortal version 5.0.3 and below.
FortiPortal version 4.2.4 and below.
FortiPortal version 4.1.2 and below.
FortiPortal version 4.0.4 and below.
Solutions
Upgrade to FortiPortal version 6.0.6 or above.
Upgrade to FortiPortal version 5.3.7 or above.
Upgrade to FortiPortal version 5.2.7 or above.
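The title attributes these issues to sanitization applied for the wrong output context. The following is an added illustration of context-specific output encoding and a check for it; it is not FortiPortal code and not part of the advisory. The advisory does not name the affected parameters or contexts, so the context names, function names and sample value below are assumptions.

```javascript
// Added illustration: one encoder per output context for a reflected
// request parameter. All names are hypothetical, not FortiPortal code.

const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

// HTML text or quoted-attribute context: neutralize markup metacharacters.
function encodeForHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => HTML_ENTITIES[c]);
}

// JavaScript string-literal context: emit every UTF-16 code unit that is not
// an ASCII alphanumeric as \uXXXX, so no quote, backslash, line terminator
// or "</script>" sequence survives.
function encodeForJsString(value) {
  return String(value).replace(/[^A-Za-z0-9]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

const ENCODERS = new Map([
  ['htmlText', encodeForHtml],
  ['htmlAttr', encodeForHtml],
  ['jsString', encodeForJsString],
  // URL component inside an HTML attribute: two nested contexts, so encode
  // for the inner one (URL) first and the outer one (HTML) second.
  ['urlInAttr', (v) => encodeForHtml(encodeURIComponent(String(v)))],
]);

// Fail closed: an unknown context is an error, never a pass-through.
function encodeFor(context, value) {
  const encoder = ENCODERS.get(context);
  if (!encoder) throw new Error(`no encoder for context: ${context}`);
  return encoder(value);
}

// Review/test helper: which characters are still syntactically active in
// `context` after encoding? An empty array means none can leave the context.
function activeChars(context, encoded) {
  const js = context === 'jsString';
  const rest = js ? encoded.replace(/\\u[0-9a-f]{4}/g, '')
                  : encoded.replace(/&(amp|lt|gt|quot|#x27);/g, '');
  const active = js ? /['"\\<\r\n\u2028\u2029]/g : /[&<>"']/g;
  return [...new Set(rest.match(active) || [])];
}

// Constructed sample value (quote, backslash, double quote, closing tag).
const SAMPLE = 'it\'s \\ "x" </script>';
```

Running `activeChars('jsString', encodeFor('htmlText', SAMPLE))` reports the backslash as still active, and `activeChars('htmlAttr', encodeURIComponent(SAMPLE))` reports the single quote. With the encoder that matches the destination context, both checks return an empty array.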