XSS vulnerability in FortiNAC admin webUI search field
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-19-140
Final
1
1
2019-07-16T00:00:00
Current version
2019-07-16T00:00:00
2019-07-16T00:00:00
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in FortiNAC admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI.
Cross-site Scripting (XSS)
FortiNAC 8.3.0 to 8.3.6 and 8.5.0
Upgrade to FortiNAC 8.3.7 or 8.5.1
Fortinet is pleased to thank Johnatan Camargo from PBI | Dynamic IT Security for reporting this vulnerability under responsible disclosure.
FortiNAC 8.5.0
XSS vulnerability in FortiNAC admin webUI search field
CVE-2019-5594
FortiNAC-8.5.0
6.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:F/RL:X/RC:X
https://fortiguard.fortinet.com/psirt/FG-IR-19-140
XSS vulnerability in FortiNAC admin webUI search field
Reference>