PSIRT Advisory

Multiple XSS vulnerabilities in FortiManager and FortiAnalyzer Web UI

Description

In versions prior to 5.0.7, the Web User Interface of FortiManager and FortiAnalyzer contains multiple reflected Cross-Site Scripting vulnerabilities.

Impact

Cross-Site Scripting (reflected)

Affected Products

FortiManager and FortiAnalyzer

Solutions

Upgrade to 5.0.7 or above.

Acknowledgement

Oded Vanunu & Adi Volkovitz, Check Point Security Research Team.