FortiCASB data pattern name XSS vulnerability
Failure to sanitize input in the customized data pattern webpage of FortiCASB may allow an authenticated attacker to conduct a stored XSS attack via the name parameter.
FortiCASB all versions below 4.1.0
FortiCASB has been upgraded to 4.1.0 to address this issue.
Fortinet is pleased to thank Johnatan Camargo from PBI | Dynamic IT Security for reporting this vulnerability under responsible disclosure.