PSIRT Advisories
FortiADC - Persistent XSS in Log pages
Summary
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiADC may allow a remote unauthenticated attacker to perform a stored cross site scripting (XSS) attack via HTTP fields observed in the traffic and event logviews.
Affected Products
FortiADC version 7.0.0 through 7.0.2FortiADC version 6.2.0 through 6.2.3
Solutions
Please upgrade to FortiADC version 7.1.0 or abovePlease upgrade to FortiADC version 7.0.3 or above
Please upgrade to FortiADC version 6.2.4 or above