PSIRT Advisory

FortiCASB data pattern name XSS vulnerability

Summary

Failure to sanitize input in the customized data pattern webpage of FortiCASB may allow an authenticated attacker to conduct a stored XSS attack via the name parameter.
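
Added illustration, not Fortinet code and not a description of FortiCASB internals: the defect class named in the summary (a stored, user-controlled name concatenated into HTML at render time) beside the two standard controls, an input-side allowlist and context-aware output encoding, on a hypothetical data-pattern listing page. All function names, the store, and the sample names are constructed for this example.

```python
import html
import re

# Constructed sample names (not taken from the advisory): one ordinary
# data-pattern name and two that carry markup of the kind a stored XSS relies on.
SAMPLE_NAMES = {
    "benign": "PCI card numbers",
    "tag": "<script>alert(1)</script>",
    "attr_breakout": 'x" onmouseover="alert(1)',
}

# Hypothetical allowlist for a pattern name: letters, digits, space, _ . -  (1-64 chars).
NAME_PATTERN = re.compile(r"[A-Za-z0-9 _.\-]{1,64}")

# Hypothetical in-memory store standing in for the application's database.
_PATTERN_STORE: list[str] = []


def validate_name(name: str) -> bool:
    """Input-side control: accept only names matching the conservative allowlist."""
    return NAME_PATTERN.fullmatch(name) is not None


def save_pattern(name: str) -> bool:
    """Persist a pattern name only if it passes validation; returns whether it was stored."""
    if not validate_name(name):
        return False
    _PATTERN_STORE.append(name)
    return True


def render_row_unsafe(name: str) -> str:
    """The defect class: the stored name is interpolated into element content and into
    a quoted attribute with no encoding, so any markup it carries is emitted verbatim."""
    return f'<tr><td>{name}</td><td><input name="name" value="{name}"></td></tr>'


def render_row_safe(name: str) -> str:
    """Output-side control: encode at render time for each HTML context the value lands in.
    html.escape(quote=True) encodes & < > " and ', which covers both element content
    and a double- or single-quoted attribute value."""
    encoded = html.escape(name, quote=True)
    return f'<tr><td>{encoded}</td><td><input name="name" value="{encoded}"></td></tr>'


def render_table(rows: list[str]) -> str:
    """Render every stored name with the safe renderer (the listing page's normal path)."""
    return "<table>" + "".join(render_row_safe(n) for n in rows) + "</table>"
```

The validation step is a defence-in-depth measure for a field that has no legitimate need for markup; the encoding step is the control that actually removes the XSS, because it applies regardless of how the value got into the store (bulk import, API, an older release that lacked validation).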

Impact

Cross-site Scripting (XSS)

Affected Products

FortiCASB all versions below 4.1.0

Solutions

FortiCASB has been upgraded to 4.1.0 to address this issue.

Acknowledgement

Fortinet is pleased to thank Johnatan Camargo from PBI | Dynamic IT Security for reporting this vulnerability under responsible disclosure.