Multiple Stored and Reflected XSS
Summary
Several improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests.
Affected Products
FortiNAC version 9.4.0 through 9.4.1
FortiNAC 9.2 all versions
FortiNAC 9.1 all versions
FortiNAC 8.8 all versions
FortiNAC 8.7 all versions
FortiNAC 8.6 all versions
FortiNAC 8.5 all versions
FortiNAC 8.3 all versions
Solutions
Please upgrade to FortiNAC-F version 7.2.0 or above
Please upgrade to FortiNAC version 9.4.2 or above