FortiCASB data pattern name XSS vulnerability
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-19-001
Final
1
1
2019-05-15T00:00:00
Current version
2019-05-15T00:00:00
2019-05-15T00:00:00
Failure to sanitize input in the customized data pattern webpage of FortiCASB may allow an authenticated attacker to conduct a stored XSS attack via the name parameter.
Cross-site Scripting (XSS)
FortiCASB all versions below 4.1.0
FortiCASB has been upgraded to 4.1.0 to address this issue.
Fortinet is pleased to thank Johnatan Camargo from PBI | Dynamic IT Security for reporting this vulnerability under responsible disclosure.
5.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:F/RL:X/RC:X
https://fortiguard.fortinet.com/psirt/FG-IR-19-001