Fortinet FortiOS 5.0.x / 5.2.x < 5.2.11 'global-label' Parameter XSS (FG-IR-17-057)
Low Nessus Plugin ID 100384
Synopsis
The remote host is affected by a cross-site scripting vulnerability.

Description
The version of Fortinet FortiOS running on the remote device is 5.0.x or 5.2.x prior to 5.2.11. It is, therefore, affected by a stored cross-site scripting (XSS) vulnerability due to improper validation of user-supplied input to the 'global-label' parameter. An authenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session.

Solution
Upgrade to Fortinet FortiOS version 5.2.11 or later.