FortiWeb < 5.2.0 Multiple XSRF Vulnerabilities
Medium Nessus Network Monitor Plugin ID 8668
Synopsis
The remote host is affected by multiple cross-site request forgery vulnerabilities.
Description
The remote host is running a version of FortiWeb prior to 5.2.0. It is, therefore, affected by multiple cross-site request forgery (XSRF) vulnerabilities in the web UI due to a lack of XSRF token protection. A remote, unauthenticated attacker could potentially exploit this vulnerability to perform administrative actions.
Solution
Upgrade to FortiWeb version 5.2.0 or later.