PSIRT Advisories

FortiEDR - Cross Site Scripting (XSS) vulnerabilities over the Management Console

Summary

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiEDR Central Manager may allow a remote authenticated attacker to perform a reflected cross site scripting attack (XSS) via injecting a malicious payload into the Management Console through various endpoints.

Affected Products

At least
FortiEDR Central Manager version 4.0.0
FortiEDR Central Manager version 5.0.0 through 5.0.3 Patch 6
FortiEDR Central Manager version 5.1.0

Solutions

Please upgrade FortiEDR Central Manager to version 5.2.0 and above,

Please upgrade FortiEDR Central Manager to version 5.0.3 Patch 7 and above.