PSIRT Advisory

XSS vulnerability in the Anomaly Detection Parameter Name

Summary

An improper neutralization of input vulnerability in the Anomaly Detection interface of FortiWeb may allow a remote, unauthenticated attacker to perform a cross-site scripting (XSS) attack via a parameter of the request.
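The bug class named above is a parameter name being reflected into an HTML page without being neutralized. The following added example, which is not FortiWeb code and does not describe how the product renders its Anomaly Detection page, shows a hypothetical handler that lists request parameter names: one version interpolates them raw, the other escapes them with the standard library before interpolation, and a small parser-based check reports any tag that reached the page from the input. The query string is constructed for the example.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qsl

# Constructed sample query string: the parameter NAME (not the value)
# carries URL-encoded markup, which is the shape of the weakness described.
SAMPLE_QUERY = "%3Cscript%3E=1&normal_param=1"


def render_unsafe(query: str) -> str:
    """Reflect parameter names into HTML without neutralization (the weakness)."""
    rows = "".join(
        f"<li>{name}</li>" for name, _ in parse_qsl(query, keep_blank_values=True)
    )
    return f"<ul>{rows}</ul>"


def render_safe(query: str) -> str:
    """Escape each parameter name before it is placed into HTML text content."""
    rows = "".join(
        f"<li>{html.escape(name, quote=True)}</li>"
        for name, _ in parse_qsl(query, keep_blank_values=True)
    )
    return f"<ul>{rows}</ul>"


class _TagCollector(HTMLParser):
    """Collect every start tag the browser-side parser would see."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []

    def handle_starttag(self, tag: str, attrs) -> None:
        self.tags.append(tag)


def injected_tags(rendered: str, allowed=("ul", "li")) -> list[str]:
    """Return tags in the rendered page that the template itself did not emit."""
    collector = _TagCollector()
    collector.feed(rendered)
    collector.close()
    return [t for t in collector.tags if t not in allowed]


if __name__ == "__main__":
    print("unsafe:", injected_tags(render_unsafe(SAMPLE_QUERY)))  # ['script']
    print("safe:  ", injected_tags(render_safe(SAMPLE_QUERY)))    # []
```

The check is deliberately template-aware: it whitelists the tags the page legitimately emits and flags anything else, which is the same question a reviewer asks of any reflection point, whether the reflected item is a parameter value or, as here, its name.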

Impact

Unauthorized code execution

Affected Products

FortiWeb Versions 6.0.5 and below.

FortiWeb Versions 6.1.1 and below.

FortiWeb Version 6.2.0

Solutions

Please upgrade to FortiWeb version 6.0.6 or above.

Please upgrade to FortiWeb version 6.1.2 or above.

Please upgrade to FortiWeb version 6.2.1 or above.
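To apply the affected and fixed versions above across an inventory, the following added helper (not Fortinet tooling) encodes the three fixed releases per branch from this advisory and classifies a version string as affected, fixed, or outside the branches the advisory names. The inventory entries are constructed sample data.

```python
# Fixed releases per 6.x branch, taken from the Solutions section of this advisory.
FIXED_VERSIONS = {
    (6, 0): (6, 0, 6),
    (6, 1): (6, 1, 2),
    (6, 2): (6, 2, 1),
}


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse 'major.minor.patch' into a comparable tuple; reject other shapes."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected version format: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def classify(version: str) -> str:
    """Return 'affected', 'fixed', or 'not covered' relative to this advisory."""
    v = parse_version(version)
    fixed = FIXED_VERSIONS.get(v[:2])
    if fixed is None:
        # Branches the advisory does not list (e.g. 5.x or 6.3+) are not
        # assessed here rather than guessed at.
        return "not covered"
    return "affected" if v < fixed else "fixed"


def assess_inventory(hosts: dict[str, str]) -> dict[str, list[str]]:
    """Group hostnames by classification for a remediation worklist."""
    result: dict[str, list[str]] = {"affected": [], "fixed": [], "not covered": []}
    for host, version in hosts.items():
        result[classify(version)].append(host)
    return result


# Constructed sample inventory (hostnames and versions are placeholders).
SAMPLE_HOSTS = {
    "waf-01.example": "6.0.5",
    "waf-02.example": "6.0.6",
    "waf-03.example": "6.1.1",
    "waf-04.example": "6.2.0",
    "waf-05.example": "6.2.1",
    "waf-06.example": "6.3.0",
}

if __name__ == "__main__":
    for bucket, names in assess_inventory(SAMPLE_HOSTS).items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```

Comparing tuples rather than strings avoids the classic mistake where "6.0.10" sorts below "6.0.6"; the boundary cases in the sample (6.0.5 vs 6.0.6, 6.1.1 vs 6.1.2, 6.2.0 vs 6.2.1) are exactly the ones the advisory draws.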

Acknowledgement

Fortinet is pleased to thank Pablo Arriaga Perez from Government of Navarre and S21sec for reporting this vulnerability under responsible disclosure.