FortiDeceptor - Reflected XSS vulnerability on Lure Resources page
Summary
An improper neutralization of input during web page generation vulnerability [CWE-79] in the FortiDeceptor management interface may allow an authenticated user to perform a cross-site scripting (XSS) attack by sending requests with a specially crafted lure resource ID.
Version | Affected | Solution |
---|---|---|
FortiDeceptor 4.3 | Not affected | Upgrade to 4.3.0 or above |
FortiDeceptor 4.2 | 4.2.0 | Upgrade to 4.2.1 or above |
FortiDeceptor 4.1 | 4.1.0 through 4.1.1 | Upgrade to 4.1.2 or above |
FortiDeceptor 4.0 | 4.0.2 | Upgrade to 4.0.3 or above |