Fortinet FortiAnalyzer FortiOS 5.0.x < 5.0.11 / 5.2.x < 5.2.2 Dataset Reports XSS
Medium Nessus Plugin ID 86470
SynopsisThe remote host is affected by a cross-site scripting vulnerability.
DescriptionThe Fortinet FortiAnalyzer FortiOS version running on the remote host is 5.0.x prior to 5.0.11 or 5.2.x prior to 5.2.2. It is, therefore, affected by a cross-site scripting vulnerability in the advanced dataset reports page due to a failure to properly sanitize user-supplied input to the 'sql-query' GET parameter before returning it to users. An unauthenticated, remote attacker can exploit this, via a crafted request, to execute arbitrary script code or HTML in the user's browser session.
SolutionUpgrade to Fortinet FortiOS version 5.0.11 / 5.2.2.