FortiCloud XSS vulnerability in on-demand sandbox GUI
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-17-259
Final
1
1
2017-12-08T00:00:00
Current version
2017-12-08T00:00:00
2017-12-08T00:00:00
Before Dec 5th, 2017, a Cross-Site-Scripting (XSS) vulnerability in forticloud.com on-demand sandbox GUI may have allowed an authenticated user to inject arbitrary web code or HTML in the context of the victim's browser via the upload of a maliciously crafted file.
Cross-site Scripting (XSS)
FortiCloud 3.2.0 and below (Before Dec 5, 2017)
FortiCloud 3.2.1 (Online since Dec 5, 2017)
Fortinet is pleased to thank Mohamed KEFFOUS of SOGETI for reporting this vulnerability under responsible disclosure.
FortiCloud 3.2.0
FortiCloud XSS vulnerability in on-demand sandbox GUI
FortiCloud-3.2.0
0
https://fortiguard.fortinet.com/psirt/FG-IR-17-259
FortiCloud XSS vulnerability in on-demand sandbox GUI
Reference>