FortiManager and FortiAnalyzer XSS vulnerability
Summary
A vulnerablity in FortiManager/FortiAnalyzer address added page could allow malicious script being injected in the input field; this potentially enables XSS attacks.
Description
A vulnerablity in FortiManager/FortiAnalyzer address added page could allow malicious script being injected in the input field; this potentially enables XSS attacks.
Impact Detail
NOT RENDERED BY THE CMS
Affected Products
FortiManager: 5.0.0 - 5.0.11, 5.2.0 - 5.2.5
FortiAnalyzer: 5.0.0 - 5.0.12, 5.2.0 - 5.2.5
Solutions
Upgrade to:
FortiManagerÂ
5.0.12 and above
5.2.6 and above
5.4.0 and above
FortiAnalyzerÂ
5.0.13 and above
5.2.6 and above
5.4.0 and above
Acknowledgement
Fortinet is pleased to thank Vulnerability Lab for reporting a FortiManager/FortiAnalyzer vulnerability under responsible disclosure. Â