Fortinet FortiOS 5.2.x < 5.2.11 srcintf XSS (FG-IR-17-017)
Low Nessus Plugin ID 99969
Synopsis
The remote host is affected by a cross-site scripting vulnerability.

Description
The version of Fortinet FortiOS running on the remote FortiGate device is 5.2.x prior to 5.2.11. It is, therefore, affected by a cross-site scripting (XSS) vulnerability when creating firewall policies due to improper validation of input related to srcintf before returning it to users. An authenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session.

Solution
Upgrade to Fortinet FortiOS version 5.2.11 or later.