An improper neutralization of script-related HTML tags in a web page vulnerability [CWE-80] in FortiAuthenticator versions 6.4.0 up to and including 6.4.4, 6.3.0 up to and including 6.3.3, all versions of 6.2 and 6.1 may allow a remote unauthenticated malicious user to trigger a reflected cross site scripting (XSS) attack via the "reset-password" page.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fortinet fortiauthenticator |