Fortinet FortiOS 5.x < 5.4.8 / 5.6.x < 5.6.3 HTTP Host Header XSS (FG-IR-17-262)
Severity: Medium. Nessus Plugin ID 106583.
Synopsis: The remote host is affected by a cross-site scripting vulnerability.
Description: The version of Fortinet FortiOS running on the remote device is 5.x prior to 5.4.8, or 5.6.x prior to 5.6.3. It is, therefore, affected by a cross-site scripting (XSS) vulnerability: an attacker can inject HTML through the 'Host' header of the web proxy disclaimer page.
Note that Nessus has not checked for the workaround.
Solution: Upgrade to Fortinet FortiOS version 5.4.8 / 5.6.3 or later.
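Because the plugin decides purely on the reported version (the workaround is not checked), an inventory sweep only needs the two fixed-version thresholds above. The following is an added example, not Tenable's plugin code; the version strings in the sample inventory are constructed, and the "v5.x.y,buildNNNN" format it tolerates is an assumption about how a device reports itself.

```python
import re

# Affected ranges as stated in the advisory:
#   5.x   < 5.4.8  (every FortiOS 5 release before 5.4.8, including 5.0/5.2)
#   5.6.x < 5.6.3
FIXED_5_4 = (5, 4, 8)
FIXED_5_6 = (5, 6, 3)


def parse_version(text):
    """Reduce a reported version such as 'v5.6.2,build1486' to (major, minor, patch)."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised FortiOS version string: {text!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def is_affected(text):
    """True when the version falls inside one of the two affected ranges."""
    v = parse_version(text)
    if v[0] != 5:
        return False                 # only the 5.x train is in scope
    if v[:2] == (5, 6):
        return v < FIXED_5_6         # 5.6 branch has its own fix release
    return v < FIXED_5_4             # everything else on 5.x compares to 5.4.8


def vulnerable_hosts(inventory):
    """Return the hostnames whose FortiOS version is still in an affected range."""
    return [host for host, ver in inventory.items() if is_affected(ver)]


if __name__ == "__main__":
    # Constructed sample inventory: hostname -> version string as reported by the device.
    sample = {
        "fw-edge-1": "v5.4.7,build1183",
        "fw-edge-2": "v5.4.8,build1183",
        "fw-branch": "v5.6.2,build1486",
        "fw-lab":    "v5.2.13,build0762",
        "fw-new":    "v6.0.0,build0076",
    }
    for host in vulnerable_hosts(sample):
        print(f"{host}: upgrade to 5.4.8 / 5.6.3 or later (FG-IR-17-262)")
```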