PSIRT Advisory

FortiCloud Cross Site Script Persistent Web Vulnerabilities

Summary

Forticloud online service before May 3, 2016 was exposed to cross site scripting web vulnerabilities, which could allow malicious script being injected in the affected module; this potentially enables XSS attacks.

Description

Forticloud online service before May 3, 2016 was exposed to cross site scripting web vulnerabilities, which could allow malicious script being injected in the affected module; this potentially enables XSS attacks.

Impact

XSS attacks

Affected Products

FortiCloud online service before May 3, 2016

Solutions

Issue fixed on May 3, 2016

Acknowledgement

Fortinet is pleased to thank Vulnerability Lab for reporting a FortiManager/FortiAnalyzer vulnerability under responsible disclosure.