FortiWeb 4.x / 5.x < 5.0.3 Multiple Vulnerabilities
Medium Nessus Network Monitor Plugin ID 8670
SynopsisThe remote host is affected by multiple vulnerabilities.
DescriptionThe remote host is running FortiWeb 4.x / 5.x prior to 5.0.3. It is, therefore, affected by multiple vulnerabilities :
- FortiWeb is affected by a cross-site scripting vulnerability due to a failure to sanitize user-supplied input. (CVE-2014-1955)
- FortiWeb is affected by an unspecified HTTP header injection vulnerability. (CVE-2014-1956)
- FortiWeb is affected by an unspecified privilege escalation vulnerability. (CVE-2014-1957)
SolutionUpgrade to 5.0.3 or later.