Critical Infrastructure Sectors: Energy
An improper neutralization of input during web page generation vulnerability ('Cross-site Scripting') [CWE-79] in Fortinet FortiOS version 7.2.0 up to and including 7.2.3, version 7.0.0 up to and including 7.0.9, version 6.4.0 up to and including 6.4.11 and prior to 6.2.12 and FortiProxy version 7.2.0 up to and including 7.2.1 and prior to 7.0.7 allows an unauthenticated malicious user to perform an XSS attack via crafted HTTP GET requests.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fortinet fortiproxy |
||
fortinet fortios |