Multiple cross-site scripting (XSS) vulnerabilities in admin/FEAdmin.html in Fortinet FortiMail prior to 4.3.4 on FortiMail Identity-Based Encryption (IBE) appliances allow user-assisted remote malicious users to inject arbitrary web script or HTML via (1) the Add field for the Black List under Antispam Management User Preferences or (2) the User name field for the Personal Black/White List in the AntiSpam section.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fortinet fortimail 3.0 |
||
fortinet fortimail 4.0 |
||
fortinet fortimail |