FortiCASB data pattern name XSS vulnerability
Failure to sanitize input in the customized data pattern webpage of FortiCASB may allow an authenticated attacker to conduct a stored XSS attack via the name parameter.
Cross-site Scripting (XSS)
FortiCASB all versions below 4.1.0
FortiCASB has been upgraded to 4.1.0 to address this issue.
Fortinet is pleased to thank Johnatan Camargo from PBI | Dynamic IT Security for reporting this vulnerability under responsible disclosure.