PSIRT Advisory

FortiVoice 5.0 Filter Bypass & Persistent Web Vulnerabilities

Summary

A vulnerablity in FortiVoice 5.0 web-application could allow malicious script being injected in the affected module; this potentially enables XSS attacks.

Description

A vulnerablity in FortiVoice 5.0 web-application could allow malicious script being injected in the affected module; this potentially enables XSS attacks.

Impact

XSS attacks

Affected Products

FortiVoice 5.0.4 and below

Solutions

Upgrade to:

5.0.5 and above

Acknowledgement

Fortinet is pleased to thank Vulnerability Lab for reporting a FortiManager/FortiAnalyzer vulnerability under responsible disclosure.