| IR Number | FG-IR-20-199 |
| Date | Jun 1, 2021 |
| Component | GUI |
| Severity |
Medium |
| CVSSv3 Score | 4.6 |
| Impact | Execute unauthorized code or commands. |
| CVE ID | CVE-2021-26092 |
| Affected Products |
FortiProxy
:
2.0.1, 2.0.0, 1.2.9, 1.2.8, 1.2.7, 1.2.6, 1.2.5, 1.2.4, 1.2.3, 1.2.2, 1.2.1, 1.2.0
FortiOS
:
6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.12, 6.0.11, 6.0.10, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.14, 5.6.13, 5.6.12, 5.6.11, 5.6.10, 5.6.1, 5.6.0, 5.4.9, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.13, 5.4.12, 5.4.11, 5.4.10, 5.4.1, 5.4.0, 5.2.15, 5.2.14, 5.2.13, 5.2.12, 5.2.11, 5.2.10
|
| CVRF | Download |
| Language |
Refine Search
PSIRT Advisories
FortiOS/FortiProxy - SSL VPN portal is vulnerable to an XSS
Summary
Failure to sanitize input in the SSL VPN web portal may allow a remote unauthenticated attacker to perform a reflected Cross-site Scripting (XSS) attack by sending a request to the error page with malicious GET parameters.
Affected Products
FortiGate versions 5.6.13 and below.
FortiGate versions 6.0.12 and below.
FortiGate versions 6.2.7 and below.
FortiGate versions 6.4.5 and below.
FortiProxy version 2.0.0 through 2.0.1
FortiProxy version 1.2.0 through 1.2.9
Solutions
Please upgrade to FortiGate version 6.0.13 or above.
Please upgrade to FortiGate version 6.2.8 or above.
Please upgrade to FortiGate version 6.4.6 or above.
Please upgrade to FortiGate version 7.0.0 or above.
For new high-end F-Series Models (FG-1800F, FG-3800F, FG-4200F, FG-4400F) please upgrade to 6.2.9
Please upgrade to FortiProxy version 2.0.2 or above.
Please upgrade to FortiProxy version 1.2.10 or above.