Unauthenticated XSS (Cross Site Scripting) in FortiMail
Summary
An unauthenticated XSS vulnerability could allow an attacker to execute arbitrary scripts in the security context of the browser of a victim logged in FortiMail, assuming the victim is social engineered into clicking an URL crafted by the attacker.
Description
An unauthenticated XSS vulnerability could allow an attacker to execute arbitrary scripts in the security context of the browser of a victim logged in FortiMail, assuming the victim is social engineered into clicking an URL crafted by the attacker.
Affected Products
FortiMail5.0.0 -> 5.2.9,
5.3.0 -> 5.3.8
Solutions
Upgrade to FortiMail 5.3.9Acknowledgement
Fortinet is pleased to thank Ebrahim Hegazy for reporting this vulnerability under responsible disclosure.