XSS vulnerability in FortiAuthenticator OWA Agent
SummaryAn improper neutralization of input during web page generation in FortiAuthenticator Agent for Outlook Web Access may allow an unauthenticated user to perform a cross-site scripting attack (XSS) via a parameter of the logon page.
FortiAuthenticator Agent for Outlook Web Access v1.5 and below
SolutionsUpgrade the FortiAuthenticator Agent for Outlook Web Access on your Microsoft Exchange servers to v1.6. The installer is available for download from within the administrative web interface of FortiAuthenticator 6.0.1 or greater; however it is not necessary to upgrade your FortiAuthenticator to resolve this issue.
Customers who do not want to upgrade their FortiAuthenticator appliance or who do not have a spare lab unit are advised to contact their Fortinet support engineer in order to obtain the FortiAuthenticator Agent for Outlook Web Access v1.6 installer.
To contact Fortinet support team please follow this link: