PSIRT Advisory

Stored XSS vulnerability in traffic group interface

Summary

An improper neutralization of input vulnerability in the FortiADC may allow an attacker to execute a stored Cross Site Scripting (XSS) via a field in the traffic group interface.

Impact

Execute unauthorized code or commands

Affected Products

FortiADC version 5.3.3 and below

Solutions

Please upgrade to FortiADC version 5.3.4 or above

Acknowledgement

Fortinet is pleased to thank Danilo Costa from PBI Dynamic IT Security for reporting this vulnerability under responsible disclosure.