Reflected XSS vulnerability on Lure Resources page


An improper neutralization of input during web page generation vulnerability [CWE-79] in the FortiDeceptor management interface may allow an authenticated user to perform a cross-site scripting (XSS) attack by sending requests with a specially crafted lure resource ID.

| Version | Affected | Solution |
|---|---|---|
| FortiDeceptor 4.3 | Not affected | Not Applicable |
| FortiDeceptor 4.2 | 4.2.0 | Upgrade to 4.2.1 or above |
| FortiDeceptor 4.1 | 4.1.0 through 4.1.1 | Upgrade to 4.1.2 or above |
| FortiDeceptor 4.0 | 4.0.2 | Upgrade to 4.0.3 or above |