PSIRT Advisory

Script Code Injection Vulnerability in FortiMail

Summary

FortiMail fails to sanitize user input. The vulnerability allows an attacker to bypass its input filtering routine, which could result in the execution of the injected script code.

Impact

Arbitrary Script Code Injection

Affected Products

FortiMail 200D, 400C, VM2K, 2000B and 5002B.

Solutions

Restrict the user input to allowed characters.