An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiDeceptor management interface may allow an authenticated user to perform a cross site scripting (XSS) attack via sending requests with specially crafted lure resource ID.
|FortiDeceptor 4.3||Not affected||Upgrade to 4.3.0 or above|
|FortiDeceptor 4.2||4.2.0||Upgrade to 4.2.1 or above|
|FortiDeceptor 4.1||4.1.0 through 4.1.1||Upgrade to 4.1.2 or above|
|FortiDeceptor 4.0||4.0.2||Upgrade to 4.0.3 or above|