PSIRT Advisory

XSS vulnerability in the Dashboard name parameter of FortiADC

Summary

An improper neutralization of input vulnerability in the FortiADC dashboard may allow an authenticated attacker to perform a cross-site scripting (XSS) attack via the name parameter.

Impact

Execute Unauthorized Code or Commands

Affected Products

FortiADC version 5.3.4 and below
FortiADC version 5.4.0 and below

Solutions

Please upgrade to FortiADC version 5.3.5 or above.
Please upgrade to FortiADC version 5.4.1 or above.

Acknowledgement

Fortinet is pleased to thank Danilo Costa from PBI for reporting this vulnerability under responsible disclosure.