PSIRT Advisory

FortiManager and FortiAnalyzer Persistent XSS vulnerability

Summary

When a low-privileged user uploads images in the report section, the filenames are not properly sanitized. Because the uploaded filename is stored and later displayed in the web interface, this potentially enables stored (persistent) XSS attacks against other users who view the report section.
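The advisory does not describe Fortinet's fix, so the following is an added illustration (not code from FortiManager/FortiAnalyzer) of the generic bug class and its two usual remediations: a filename interpolated into HTML as-is versus the same filename HTML-encoded at output time, plus an input-side allow-list on the upload name. The filenames, the HTML wrapper and the function names are constructed for this example.

```python
import html
import re

# Constructed sample filenames (not taken from the advisory). The second one
# carries a generic script-injection payload to show why raw interpolation
# of a stored filename into HTML is unsafe.
SAMPLE_FILENAMES = [
    "chart-q1.png",
    '<img src=x onerror="alert(1)">.png',
]


def render_vulnerable(filename: str) -> str:
    """Unsafe pattern: the stored filename goes into the page unchanged.

    A filename containing markup becomes live HTML for every viewer.
    """
    return f'<li class="report-image">{filename}</li>'


def render_safe(filename: str) -> str:
    """Safe pattern: HTML-encode at output time so the name is shown as text.

    quote=True also encodes " and ' so the value stays inert inside
    attribute contexts, not only element bodies.
    """
    return f'<li class="report-image">{html.escape(filename, quote=True)}</li>'


# Conservative allow-list for an image upload name (hypothetical policy):
# starts with an alphanumeric, then only [A-Za-z0-9._-], at most 255 chars.
_ALLOWED_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,254}")


def accept_upload_name(filename: str) -> bool:
    """Input-side check applied before the name is ever stored.

    Rejects anything outside the allow-list and any '..' sequence, which
    would matter if the name were later used on the filesystem.
    """
    return _ALLOWED_NAME.fullmatch(filename) is not None and ".." not in filename


def injected_tag_count(rendered: str) -> int:
    """Number of '<' beyond the two that belong to the <li> wrapper itself.

    Zero means the filename contributed no markup of its own.
    """
    return rendered.count("<") - 2


if __name__ == "__main__":
    for name in SAMPLE_FILENAMES:
        print("accepted :", accept_upload_name(name))
        print("unsafe   :", render_vulnerable(name))
        print("safe     :", render_safe(name))
```

Output encoding (render_safe) is the control that actually prevents the stored XSS, because it neutralizes whatever was persisted; the allow-list (accept_upload_name) is defense in depth and only helps when every write path to the stored name goes through it.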


Impact

Persistent XSS

Affected Products

FortiManager/FortiAnalyzer: 5.0.0 - 5.0.11, 5.2.0 - 5.2.5

Solutions

Upgrade to:

FortiManager/FortiAnalyzer 5.2.6 and above

FortiManager/FortiAnalyzer 5.4.0 and above


Acknowledgement

Fortinet is pleased to thank Vulnerability Lab for reporting a FortiManager/FortiAnalyzer vulnerability under responsible disclosure.