XSS vulnerability in FortiNAC admin webUI search field
Summary
An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in the FortiNAC admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI.
Affected Products
FortiNAC 8.3.0 to 8.3.6 and 8.5.0
Solutions
Upgrade to FortiNAC 8.3.7 or 8.5.1
Acknowledgement
Fortinet is pleased to thank Johnatan Camargo from PBI | Dynamic IT Security for reporting this vulnerability under responsible disclosure.