Fortinet FortiADC Model D < 4.2 Theme Login Page XSS
Medium Nessus Plugin ID 88840
Synopsis
The remote host is affected by a cross-site scripting vulnerability.

Description
The remote FortiADC Model D device is running a software version less than 4.2. It is, therefore, affected by a cross-site scripting vulnerability due to improper validation of user-supplied input to the theme login page. An attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session.

Solution
Upgrade to Fortinet FortiADC version 4.2 or later.