FortiADC is vulnerable to XSS (New Dashboard name parameter not sanitized)
Summary
An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross-site scripting (XSS) attack via the name parameter.
Affected Products
FortiADC version 5.3.4 and below
FortiADC version 5.4.0 and below
Solutions
Please upgrade to FortiADC version 5.3.5 or above
Please upgrade to FortiADC version 5.4.1 or above
Acknowledgement
Fortinet is pleased to thank Danilo Costa from PBI for reporting this vulnerability under responsible disclosure.