FortiWebManager - Injection vulnerabilities
An improper neutralization of input vulnerability [CWE-79] in FortiWebManager may allow a remote authenticated attacker to inject malicious script/tags via the name/description/comments parameter of various sections of the device.
FortiWebManager version 6.2.3 and below.
FortiWebManager version 6.0.x.
Please upgrade to FortiWebManager version 6.2.4 or above.