CVE-2024-26006

CVSSv4: NA | CVSSv3: 7.5 | CVSSv2: NA | VMScore: 850 | EPSS: 0.00049 | KEV: Not Included
Published: 14/03/2025 Updated: 14/03/2025

Vulnerability Summary

Cross-Site Scripting Vulnerability in FortiOS and FortiProxy Web SSL VPN UI

A Cross-Site Scripting (XSS) vulnerability exists in the web SSL VPN UI of FortiOS and FortiProxy across multiple versions. The vulnerability affects FortiOS versions 7.4.3 and below, 7.2.7 and below, and 7.0.13 and below, as well as FortiProxy versions 7.4.3 and below, 7.2.9 and below, and 7.0.16 and below. The issue stems from improper neutralization of input during web page generation, which could allow a remote unauthenticated attacker to conduct a Cross-Site Scripting attack by leveraging a malicious Samba server.

Solution

Please upgrade to FortiProxy version 7.4.4 or above
Please upgrade to FortiProxy version 7.2.10 or above
Please upgrade to FortiProxy version 7.0.17 or above
Please upgrade to FortiOS version 7.4.4 or above
Please upgrade to FortiOS version 7.2.8 or above
Please upgrade to FortiOS version 7.0.14 or above
Vulnerable Products

fortinet fortios 7.4.3
fortinet fortios 7.4.2
fortinet fortios 7.4.1
fortinet fortios 7.4.0
fortinet fortios 7.2.7
fortinet fortios 7.2.6
fortinet fortios 7.2.5
fortinet fortios 7.2.4
fortinet fortios 7.2.3
fortinet fortios 7.2.2
fortinet fortios 7.2.1
fortinet fortios 7.2.0
fortinet fortios 7.0.13
fortinet fortios 7.0.12
fortinet fortios 7.0.11
fortinet fortios 7.0.10
fortinet fortios 7.0.9
fortinet fortios 7.0.8
fortinet fortios 7.0.7
fortinet fortios 7.0.6
fortinet fortios 7.0.5
fortinet fortios 7.0.4
fortinet fortios 7.0.3
fortinet fortios 7.0.2
fortinet fortios 7.0.1
fortinet fortios 7.0.0
fortinet fortios 6.4.15
fortinet fortios 6.4.14
fortinet fortios 6.4.13
fortinet fortios 6.4.12
fortinet fortios 6.4.11
fortinet fortios 6.4.10
fortinet fortios 6.4.9
fortinet fortios 6.4.8
fortinet fortios 6.4.7
fortinet fortios 6.4.6
fortinet fortios 6.4.5
fortinet fortios 6.4.4
fortinet fortios 6.4.3
fortinet fortios 6.4.2
fortinet fortios 6.4.1
fortinet fortios 6.4.0
fortinet fortiproxy
fortinet fortios
