Description
FortiWeb 5.0.2 and lower are vulnerable to cross-site scripting (CVE-2014-1955), HTTP header injection (CVE-2014-1956) and privilege escalation (CVE-2014-1957) issues.
Impact Detail
A remote unauthenticated attacker may be able to execute arbitrary JavaScript in the context of the administrator's browser session. In addition, authenticated users may be able to escalate their privileges.
Affected Products
FortiWeb 4.4.7 and lower.
FortiWeb 5.0.2 and lower.
Solutions
Upgrade to FortiWeb 5.0.3 or higher.
Acknowledgement
Robert van Hamburg of Intermax Security