FortiManager and FortiAnalyzer XSS vulnerability

Summary

A vulnerability in the FortiManager/FortiAnalyzer address added page could allow malicious script to be injected in the input field; this potentially enables XSS attacks.

Affected Products

FortiManager: 5.0.0 - 5.0.11, 5.2.0 - 5.2.5

FortiAnalyzer: 5.0.0 - 5.0.12, 5.2.0 - 5.2.5

Solutions

Upgrade to:

FortiManager: 5.0.12 and above, 5.2.6 and above, 5.4.0 and above

FortiAnalyzer: 5.0.13 and above, 5.2.6 and above, 5.4.0 and above
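The following version check is an added example, not Fortinet code. It triages an inventory against the affected and fixed releases listed in this advisory and names the lowest fixed release on the same branch. The status labels, the accepted version-string format and the sample inventory are assumptions made for illustration.

```python
import re

# Ranges and fixed releases copied from the advisory text.
AFFECTED = {
    "FortiManager": [((5, 0, 0), (5, 0, 11)), ((5, 2, 0), (5, 2, 5))],
    "FortiAnalyzer": [((5, 0, 0), (5, 0, 12)), ((5, 2, 0), (5, 2, 5))],
}
FIXED = {
    "FortiManager": [(5, 0, 12), (5, 2, 6), (5, 4, 0)],
    "FortiAnalyzer": [(5, 0, 13), (5, 2, 6), (5, 4, 0)],
}


def parse_version(text):
    """Turn '5.2.3' or 'v5.2.3-build0706' into (5, 2, 3).

    The optional 'v' prefix and build suffix are assumptions about how an
    inventory export might format the firmware string.
    """
    match = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.groups())


def assess(product, version_text):
    """Return (status, upgrade_target) for one device."""
    if product not in AFFECTED:
        return ("not-covered", None)
    version = parse_version(version_text)
    for low, high in AFFECTED[product]:
        if low <= version <= high:
            # Lowest fixed release on the same major.minor branch.
            target = next(f for f in FIXED[product] if f[:2] == version[:2])
            return ("affected", ".".join(map(str, target)))
    fixed = FIXED[product]
    if version >= max(fixed) or any(
        version[:2] == f[:2] and version >= f for f in fixed
    ):
        return ("fixed", None)
    # Releases the advisory does not mention are reported, not assumed safe.
    return ("unlisted", None)


if __name__ == "__main__":
    # Constructed sample inventory, not real devices.
    inventory = [("fmg-01", "FortiManager", "5.0.11"),
                 ("faz-01", "FortiAnalyzer", "v5.2.6-build0001")]
    for host, product, version in inventory:
        print(host, product, version, *assess(product, version))
```
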

Acknowledgement

Fortinet is pleased to thank Vulnerability Lab for reporting a FortiManager/FortiAnalyzer vulnerability under responsible disclosure.