PSIRT Advisories

The FortiGuard Labs Product Security Incident Response Team (PSIRT) continually test Fortinet hardware and software products, looking for vulnerabilities and weaknesses. Any such findings are fed back to Fortinet's development teams and serious issues are described along with protective solutions in the advisories below.

A Cross-site Scripting (XSS) vulnerability in FortiOS SSL-VPN web portalmay allow an authenticated user to inject arbitrary web...

Nov 23, 2017 Risk IR Number: FG-IR-17-242
There exists a persistent Cross-site Scripting (XSS) vulnerability on FortiWeb's webUI Certificate View page, which can be triggered...

Nov 17, 2017 Risk IR Number: FG-IR-17-131
A reflected XSS vulnerability exists in FortiOS web proxy disclaimer response web pages, potentially exploitable by an unauthenticated...

Nov 03, 2017 Risk IR Number: FG-IR-17-168
FortiOS SSL Deep-Inspection may enable insecure renegotiation between TLS clients and servers that support secure renegotiation,...

Nov 03, 2017 Risk IR Number: FG-IR-17-137