FortiAnalyzer - XSS vulnerability
Summary
An improper neutralization of input during web page generation [CWE-79] in FortiAnalyzer may allow an attacker to perform a stored Cross Site Scripting (XSS) attack via specifically crafted requests to the web GUI.
Affected Products
FortiAnalyzer versions 6.0.6 and below.
FortiAnalyzer version 6.4.4.
Solutions
Please upgrade to FortiAnalyzer version 6.0.7 or above.
Please upgrade to FortiAnalyzer version 6.2.0 or above.
Please upgrade to FortiAnalyzer version 6.4.0 to 6.4.3, 6.4.5 or above.