FortiCASB data pattern name XSS vulnerability


Failure to sanitize input in the customized data pattern webpage of FortiCASB may allow an authenticated attacker to conduct a stored XSS attack via the name parameter.

Affected Products

FortiCASB all versions below 4.1.0


FortiCASB has been upgraded to 4.1.0 to address this issue.


Fortinet is pleased to thank Johnatan Camargo from PBI | Dynamic IT Security for reporting this vulnerability under responsible disclosure.