An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiDeceptor management interface 4.2.0, 4.1.0 up to and including 4.1.1, 4.0.2 may allow an authenticated user to perform a cross site scripting (XSS) attack via sending requests with specially crafted lure resource ID.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fortinet fortideceptor 4.1.0 |
||
fortinet fortideceptor 4.1.1 |
||
fortinet fortideceptor 4.2.0 |
||
fortinet fortideceptor 4.0.2 |