PSIRT Advisory

Potential Cross Site Scripting Vulnerability in FortiWeb

Summary

FortiWeb does not sanitize user input properly under limited circumstances. The vulnerability could allow an attacker to inject malicious script code.

Description

FortiWeb does not sanitize user input properly under limited circumstances. The vulnerability could allow an attacker to inject malicious script code.

Impact

Cross Site Scripting

Affected Products

FortiWeb-4000C FortiWeb-3000C/3000CFsx FortiWeb-1000C FortiWeb-400C FortiWeb Virtual Appliance

Solutions

Upgrade to FortiWeb v4.4.4.

Acknowledgement

Benjamin Kunz Mejri of Vulnerability Laboratory Research Team