XSS vulnerability in FortiClientEMS


An Improper Neutralization of Input During Web Page Generation in FortiClientEMS may allow a remote attacker to execute unauthorized code by injecting malicious payload in the user profile of a FortiClient instance being managed by the vulnerable system.

Affected Products

FortiClientEMS version 6.2.0 and below.


Please upgrade to version 6.2.1 and above.


Fortinet is pleased to thank Artem Dimitriev for reporting this issue under responsible disclosure.