Fortinet FortiOS 5.2.x < 5.2.12 / 5.4.x < 5.4.6 / 5.6.x < 5.6.1 Web Proxy Disclaimer Response Page Reflected XSS (FG-IR-17-168)
Medium Nessus Plugin ID 104657
Synopsis
The remote host is affected by a cross-site scripting vulnerability.

Description
The version of Fortinet FortiOS running on the remote device is 5.2.x prior to 5.2.12, 5.4.x prior to 5.4.6, or 5.6.x prior to 5.6.1. It is, therefore, affected by a flaw in the web proxy disclaimer response page input validation that allows a reflected cross-site scripting (XSS) attack.

Solution
Upgrade to Fortinet FortiOS version 5.2.12 / 5.4.6 / 5.6.1 or later.