FortiNAC - Multiple reflected cross-site scripting vulnerabilities in portal UI

Summary

Multiple improper neutralization of input during web page generation ('Cross-site Scripting') vulnerabilities [CWE-79] in FortiNAC portal UI may allow an attacker to perform an XSS attack via crafted HTTP requests.

Affected Products

FortiNAC version 9.4.0 through 9.4.1
FortiNAC 9.2 all versions
FortiNAC 9.1 all versions
FortiNAC 8.8 all versions
FortiNAC 8.7 all versions
FortiNAC 8.6 all versions

Solutions

Please upgrade to FortiNAC-F version 7.2.0 or above
Please upgrade to FortiNAC version 9.4.2 or above

Acknowledgement

Internally discovered and reported by Théo Leleu of Fortinet Product Security team.