DHCP Hostname HTML Injection
It is possible to inject malicious script through the DHCP HOSTNAME option. The injected script code ends up in the device's "DHCP Monitor" page (System->Monitor->DHCP Monitor) of the web-based interface, which is accessible to web UI administrators.
Cross Site Scripting
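The following is an added example, not Fortinet code and not part of the original advisory: one way a monitoring page or log pipeline can handle the client-supplied host name (DHCP option 12) by parsing the options field, flagging values that are not plain host names, and HTML-escaping the text before display. The function names and the sample byte strings are hypothetical and constructed for illustration.

```python
import html
import re

OPT_PAD, OPT_HOSTNAME, OPT_END = 0, 12, 255
# Dot-separated labels of letters, digits and hyphens (RFC 1123 style).
HOSTNAME_RE = re.compile(
    r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*")

def parse_options(buf):
    """Walk the code/length/value options that follow the DHCP magic cookie."""
    opts, i = {}, 0
    while i < len(buf):
        code = buf[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:          # pad is a single byte with no length
            i += 1
            continue
        if i + 1 >= len(buf):
            raise ValueError("truncated option header")
        length = buf[i + 1]
        value = buf[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = value
        i += 2 + length
    return opts

def hostname_for_display(opts):
    """Return (HTML-escaped host name, suspicious flag) for option 12."""
    text = opts.get(OPT_HOSTNAME, b"").decode("ascii", errors="replace")
    suspicious = bool(text) and HOSTNAME_RE.fullmatch(text) is None
    return html.escape(text, quote=True), suspicious

# Constructed sample option fields (not captured traffic): option 53 = DISCOVER,
# then option 12 carrying the client-supplied host name, then the end marker.
SAMPLE_OK = bytes([53, 1, 1, 12, 9]) + b"laptop-01" + bytes([OPT_END])
SAMPLE_MARKUP = bytes([53, 1, 1, 12, 10]) + b"<b>lab</b>" + bytes([OPT_END])

if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_MARKUP):
        print(hostname_for_display(parse_options(sample)))
```

The escaping step is what keeps the value inert in the page; the suspicious flag is a detection signal for DHCP logs and does not replace it.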
Upgrade to one of the following FortiOS versions:
- 5.0 branch: 5.0.13 or above
- 5.2 branch: 5.2.4 or above
- 5.4 branch: 5.4.0 or above
Fortinet is pleased to thank Ziv Kamir from GamaSec for reporting a FortiOS vulnerability under responsible disclosure.