FortiOS stored XSS vulnerability in the policy global-label parameter
Summary
FortiOS is subject to a Cross-Site Scripting vulnerability due to an improperly sanitized parameter in a hidden CLI configuration setting named 'global-label'. However, this can only be exploited by an administrator with write privileges.
Affected Products
FortiOS versions 5.2.0 through 5.2.10
FortiOS 5.0 all versions
FortiOS version 4.3.x is NOT vulnerable
Solutions
Please upgrade to FortiOS versions 5.2.11 or above.
Please upgrade to FortiOS versions 5.4.0 or above.