PSIRT Advisories
FortiDeceptor - Reflected XSS vulnerability on Lure Resources page
Summary
An improper neutralization of input during web page generation vulnerability [CWE-79] in the FortiDeceptor management interface may allow an authenticated user to perform a cross-site scripting (XSS) attack by sending requests with a specially crafted lure resource ID.
Affected Products
FortiDeceptor version 4.2.0
FortiDeceptor version 4.1.0 through 4.1.1
FortiDeceptor version 4.0.2
Solutions
Please upgrade to FortiDeceptor version 4.3.0 or above
Please upgrade to FortiDeceptor version 4.2.1 or above
Please upgrade to FortiDeceptor version 4.1.2 or above
Please upgrade to FortiDeceptor version 4.0.3 or above