FortiWLC XSS injection via crafted HTTP POST request
Summary
The FortiWLC admin webUI is affected by XSS vulnerabilities, potentially exploitable by an authenticated user, via non-sanitized parameters "refresh" and "branchtotable" present in HTTP POST requests. A successful attack would involve getting a targeted victim with an open session on the WebUI to visit a malicious URL crafted by the attacker.
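The defect the advisory describes is a reflected XSS: a request parameter is written back into the admin page without encoding. The following Python is an added illustration, not FortiWLC code and not from Fortinet; the parameter names come from the advisory, but their meaning (a refresh interval in seconds and a table identifier), the sample POST body and the page fragments are assumptions constructed for this example. It shows the unsafe pattern, the hardened counterpart (allowlist validation followed by output encoding), and a request-level check a defender can run over logged form bodies.

```python
import html
import re
from urllib.parse import parse_qs

# Constructed sample POST body (not from the advisory). The second value
# URL-decodes to a script tag so the unsafe and safe renderers can be compared.
SAMPLE_BODY = "refresh=30&branchtotable=%3Cscript%3Ealert(1)%3C%2Fscript%3E"

# Assumed expected shapes: an integer number of seconds and a short identifier.
REFRESH_RE = re.compile(r"^\d{1,5}$")
TABLE_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")
MARKUP_RE = re.compile(r"[<>\"']|javascript:", re.IGNORECASE)


def parse_post_body(body: str) -> dict:
    """Parse an application/x-www-form-urlencoded body, keeping one value per key."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def render_vulnerable(params: dict) -> str:
    """Echo the parameters straight into HTML: the unsanitized pattern the advisory describes."""
    return (
        f'<meta http-equiv="refresh" content="{params.get("refresh", "")}">'
        f'<h2>Table: {params.get("branchtotable", "")}</h2>'
    )


def validate(params: dict) -> dict:
    """Allowlist validation: return a field -> reason mapping for every value of unexpected shape."""
    errors = {}
    if not REFRESH_RE.fullmatch(params.get("refresh", "")):
        errors["refresh"] = "expected an integer number of seconds"
    if not TABLE_RE.fullmatch(params.get("branchtotable", "")):
        errors["branchtotable"] = "expected an identifier"
    return errors


def render_hardened(params: dict) -> str:
    """Reject malformed input first, then HTML-escape every value that reaches the page."""
    errors = validate(params)
    if errors:
        # Name the offending field only; never reflect the rejected value itself.
        fields = ", ".join(html.escape(k) for k in sorted(errors))
        return f"<p>Invalid value for: {fields}</p>"
    # Escaping is kept even though the allowlist already excludes markup (defence in depth).
    return (
        f'<meta http-equiv="refresh" content="{html.escape(params["refresh"], quote=True)}">'
        f'<h2>Table: {html.escape(params["branchtotable"])}</h2>'
    )


def flag_suspicious_params(params: dict) -> list:
    """Detection helper: list the parameters whose value carries markup or a javascript: URL.

    Intended for reviewing logged form bodies against the admin UI; values that
    pass validate() never trigger it, so hits indicate probing or exploitation attempts.
    """
    return sorted(k for k, v in params.items() if MARKUP_RE.search(v))


if __name__ == "__main__":
    params = parse_post_body(SAMPLE_BODY)
    print("vulnerable :", render_vulnerable(params))
    print("hardened   :", render_hardened(params))
    print("flagged    :", flag_suspicious_params(params))
```

Running the block prints the script tag intact in the vulnerable output, a field-only error message from the hardened renderer, and `['branchtotable']` from the detection helper. The same `validate` rule also rejects the fix-bypass case where a parameter is absent, since an empty string matches neither pattern.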
Affected Products
FortiWLC 6.1-x (6.1-2, 6.1-4 and 6.1-5)
FortiWLC 7.0-x (7.0-7, 7.0-8, 7.0-9, 7.0-10)
FortiWLC 8.x (8.0, 8.1, 8.2 and 8.3.0-8.3.2)
Solutions
For the FortiWLC 7.x branch, upgrade to 7.0.11 or a newer version. For the FortiWLC 8.x branch, upgrade to 8.3.3 or a newer version.
Acknowledgement
Fortinet is pleased to thank Ali Ardic (Cyber Security Specialist and Researcher - G.A.I.S.) for reporting this vulnerability under responsible disclosure.