FortiOS XSS via srcintf during Firewall Policy Creation
Summary
An XSS vulnerability caused by the srcintf parameter input during Firewall Policy Creation can be exploited to load and run remote (malicious) JavaScript in a logged-in browser.
Affected Products
FortiOS versions 5.2.0 to 5.2.10
Solutions
Upgrade to FortiOS version 5.2.11
Acknowledgement
Fortinet is pleased to thank independent researcher Amir Morshedizadeh for reporting this vulnerability under responsible disclosure.