Failure to sanitize input in the SSL VPN web portal of FortiOS 5.2.10 up to and including 5.2.15, 5.4.0 up to and including 5.4.13, 5.6.0 up to and including 5.6.14, 6.0.0 up to and including 6.0.12, 6.2.0 up to and including 6.2.7, 6.4.0 up to and including 6.4.4; and FortiProxy 1.2.0 up to and including 1.2.9, 2.0.0 up to and including 2.0.1 may allow a remote unauthenticated malicious user to perform a reflected Cross-site Scripting (XSS) attack by sending a request to the error page with malicious GET parameters.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fortinet fortiproxy |
||
fortinet fortiproxy 2.0.0 |
||
fortinet fortiproxy 2.0.1 |
||
fortinet fortios |