PSIRT

FortiWeb Stored Cross-Site Scripting Vulnerability

Description

Authenticated administrative users can store injected Javascript content into a specific field on the web management interface. This Javascript may be evaluated in the context of another administrative user browsing to the affected web page.

Affected Products

FortiWeb 5.0.3 and lower.

Solutions

Upgrade to FortiWeb 5.0.4 or higher.

Acknowledgement

Enrique E. Nissim from the ZConsulting team (http://www.zconsulting.com.ar)

IR Number	FG-IR-14-001
Published Date	Jan 17, 2014
Component	GUI
Severity	Medium
Impact	Privilege Elevation
CVE ID	CVE-2014-1458
CVRF	Download

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

PSIRT

FortiWeb Stored Cross-Site Scripting Vulnerability

Description

Affected Products

Solutions

Acknowledgement

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Threat Intelligence Center

Resource Center

About

FortiGuard Labs

Partners

PSIRT

FortiWeb Stored Cross-Site Scripting Vulnerability

Description

Affected Products

Solutions

Acknowledgement

Threat Intelligence
Center