PSIRTCross-Site Scripting in Fabric Connectors
Summary
An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiADC may allow an authenticated attacker to perform a cross-site scripting attack via crafted HTTP requests.
| Version | Affected | Solution |
|---|---|---|
| FortiADC 7.1 | 7.1.0 through 7.1.1 | Upgrade to 7.1.2 or above |
| FortiADC 7.0 | 7.0.0 through 7.0.3 | Upgrade to 7.0.4 or above |
| FortiADC 6.2 | 6.2.0 through 6.2.5 | Upgrade to 6.2.6 or above |
Timeline
2023-04-11: Initial publication