FortiOS XSS via srcintf during Firewall Policy Creation


An XSS vulnerability caused by the srcintf parameter input during Firewall Policy Creation can be exploited to load and run remote (malicious) JavaScript in a logged-in browser.

Affected Products

FortiOS versions 5.2.0 to 5.2.10


Upgrade to FortiOS version 5.2.11


Fortinet is pleased to thank independent researcher Amir Morshedizadeh for reporting this vulnerability under responsible disclosure.