XSS vulnerability in FortiClientEMS
An Improper Neutralization of Input During Web Page Generation in FortiClientEMS may allow a remote attacker to execute unauthorized code by injecting malicious payload in the user profile of a FortiClient instance being managed by the vulnerable system.
Unauthorized code execution
FortiClientEMS version 6.2.0 and below.
Please upgrade to version 6.2.1 and above.
Fortinet is pleased to thank Artem Dimitriev for reporting this issue under responsible disclosure.