FortiProxy multiple pre-auth XSS vulnerabilities on SSL VPN
Summary
An improper neutralization of input during web page generation vulnerability in the SSL VPN portal of FortiProxy may allow an unauthenticated, remote attacker to perform a reflected Cross-Site Scripting (XSS) attack by injecting a malicious payload in the error, message or redir parameters.
Affected Products
FortiProxy version 2.0.0
FortiProxy versions 1.2.8 and below
FortiProxy 1.1, all versions
FortiProxy 1.0, all versions
Solutions
Please upgrade to FortiProxy versions 2.0.1 or above.
Please upgrade to FortiProxy versions 1.2.9 or above.
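Log triage for the three parameters named in the Summary, as an added example (not part of the vendor advisory and not Fortinet code): it flags request targets whose error, message or redir value decodes to HTML metacharacters or a script-style URL scheme, including double-encoded values. The portal path and the sample requests are constructed placeholders; the advisory does not give the affected URL.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

WATCHED = {"error", "message", "redir"}      # parameters named in the advisory
MARKUP = re.compile(r"""[<>"'`]""")          # can break out of HTML text or attributes
SCRIPT_SCHEME = re.compile(r"^\s*(javascript|data|vbscript)\s*:", re.I)

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding (bounded) so %253C is seen as '<'."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(request_target):
    """Return sorted [(param, reason)] for watched parameters carrying markup."""
    findings = set()
    query = urlsplit(request_target).query
    # parse_qsl already decodes once; fully_decode handles further layers
    for name, raw in parse_qsl(query, keep_blank_values=True):
        if name.lower() not in WATCHED:
            continue
        value = fully_decode(raw)
        if MARKUP.search(value):
            findings.add((name.lower(), "html-metacharacter"))
        if SCRIPT_SCHEME.match(value):
            findings.add((name.lower(), "script-scheme"))
    return sorted(findings)

def triage(requests):
    """Map each flagged request target to its findings."""
    return {r: f for r in requests if (f := suspicious_params(r))}

# Constructed sample request targets; the path is a placeholder, not the real portal URL.
SAMPLE_REQUESTS = [
    "/vpn-portal-placeholder/login?redir=%2Fhome",                  # ordinary redirect
    "/vpn-portal-placeholder/login?error=%3Cb%3Etest%3C%2Fb%3E",    # markup in error
    "/vpn-portal-placeholder/login?message=%253Cb%253E",            # double-encoded markup
    "/vpn-portal-placeholder/login?redir=JavaScript%3Avoid(0)",     # script scheme in redir
    "/vpn-portal-placeholder/login?lang=%3Cb%3E",                   # parameter not in scope
]

if __name__ == "__main__":
    for target, findings in triage(SAMPLE_REQUESTS).items():
        print(target, findings)
```

Hits on these parameters in proxy or front-end logs indicate probing; whether a request succeeded depends on the FortiProxy version listed under Affected Products.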