Fortinet FortiOS 5.x < 5.2.13 / 5.4.x < 5.4.7 / 5.6.x < 5.6.3 SSL VPN Web Portal login redir XSS (FG-IR-17-242)
Medium Nessus Plugin ID 104886
Synopsis
The remote host is affected by a cross-site scripting vulnerability.
Description
The version of Fortinet FortiOS running on the remote device is 5.0.x prior to 5.2.13, 5.4.x prior to 5.4.7, or 5.6.x prior to 5.6.3. It is, therefore, affected by a cross-site scripting (XSS) vulnerability that may allow an authenticated user to inject arbitrary web script or HTML in the context of the victim's browser via the login redir parameter of the SSL VPN web portal.
Note that Nessus has not checked for special builds.
Solution
Upgrade to Fortinet FortiOS version 5.2.13 / 5.4.7 / 5.6.3 or later.