An improper neutralization of input during web page generation [CWE-79] in the FortiWeb web interface 7.0.0 up to and including 7.0.3, 6.3.0 up to and including 6.3.21, 6.4 all versions, 6.2 all versions, 6.1 all versions and 6.0 all versions may allow an unauthenticated and remote malicious user to perform a reflected cross site scripting attack (XSS) via injecting malicious payload in log entries used to build report.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fortinet fortiweb |