Critical Infrastructure Sectors: Energy
An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiProxy 7.2.0 up to and including 7.2.4, 7.0.0 up to and including 7.0.10 and FortiOS 7.2.0 up to and including 7.2.4, 7.0.0 up to and including 7.0.11, 6.4.0 up to and including 6.4.12, 6.2.0 up to and including 6.2.14 GUI may allow an authenticated malicious user to trigger malicious JavaScript code execution via crafted guest management setting.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fortinet fortios |
||
fortinet fortiproxy |