
FortiWeb 5.x < 5.2.1 Multiple XSS Vulnerabilities

Medium

Synopsis

The remote host is affected by a cross-site scripting vulnerability.

Description

The remote host is running FortiWeb 5.x prior to 5.2.1. It is, therefore, affected by multiple cross-site scripting (XSS) vulnerabilities in the web management interface URLs '/user/ldap_user/check_dlg' and '/user/radius_user/check_dlg' due to insufficient parameter input validation. Under specific conditions, a remote attacker could execute arbitrary JavaScript code within an administrative browser session.

Solution

Upgrade to FortiWeb version 5.2.1 or later.