FortiManager and FortiAnalyzer Persistent XSS vulnerability
Summary
When a low-privileged user uploads images in the report section, the filenames are not properly sanitized; this potentially enables stored XSS attacks.
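The advisory gives no implementation details, so the following is an added illustration of the general defense for this bug class, not Fortinet's code: validate the uploaded image filename against an allow-list, store the file under a server-generated name, and HTML-encode the original name wherever it is displayed. All function names, the allowed extensions and the sample filenames are assumptions constructed for the example.

```python
import html
import re
import uuid
from pathlib import PurePosixPath

# Assumed policy for this example: common raster image types only.
ALLOWED_EXT = {".png", ".jpg", ".jpeg", ".gif"}
# Letters, digits, dot, underscore, space, hyphen; must start alphanumeric.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._ -]{0,99}")


def display_name(upload_name):
    """Return the validated base name, or None if the upload is rejected."""
    # Discard client-supplied directory components (either separator).
    base = PurePosixPath(upload_name.replace("\\", "/")).name
    if not SAFE_NAME.fullmatch(base):
        return None
    if PurePosixPath(base).suffix.lower() not in ALLOWED_EXT:
        return None
    return base


def storage_name(validated_name):
    """Name used on disk: server-generated, keeps only the extension."""
    return uuid.uuid4().hex + PurePosixPath(validated_name).suffix.lower()


def render_image_row(name):
    """Encode the name for HTML text and attribute context at output time.

    Encoding is applied even to validated names, so records stored
    before validation existed cannot inject markup either.
    """
    safe = html.escape(name, quote=True)
    return '<li title="{0}">{0}</li>'.format(safe)


if __name__ == "__main__":
    # Constructed sample filenames, not taken from the advisory.
    for sample in ["Q3 chart.PNG", "../../logo.png", "report.svg",
                   'a"><script>alert(1)</script>.png']:
        print(repr(sample), "->", display_name(sample))
    print(render_image_row('a">.png'))
```

Validation on upload and encoding on output are independent layers; the output encoding is the one that prevents the stored value from executing in another user's browser.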
Affected Products
FortiManager/FortiAnalyzer: 5.0.0 - 5.0.11, 5.2.0 - 5.2.5
Solutions
Upgrade to:
FortiManager/FortiAnalyzer
5.4.0 and above
5.2.6 and above
Acknowledgement
Fortinet is pleased to thank Vulnerability Lab for reporting a FortiManager/FortiAnalyzer vulnerability under responsible disclosure.