FortiProxy & FortiOS - XSS vulnerability in Web Filter Block Override Form
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-21-230
Final
1
1
2022-05-03T00:00:00
Current version
2022-05-03T00:00:00
2022-05-03T00:00:00
An improper neutralization of input during web page generation vulnerability [CWE-79] in the FortiProxy and FortiOS web filter override form may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests.
None
Information disclosure
FortiOS version 7.0.3 and below, FortiOS version 6.4.8 and below, FortiOS version 6.2.10 and below, FortiOS version 6.0.14 to 6.0.0. FortiProxy version 7.0.1 and below, FortiProxy version 2.0.7 to 2.0.0.
Please upgrade to FortiOS version 7.0.4 or above
Please upgrade to FortiOS version 6.4.9 or above
Please upgrade to FortiOS version 6.2.11 or above
Please upgrade to FortiProxy version 7.0.2 or above
Please upgrade to FortiProxy version 2.0.8 or above
Fortinet is pleased to thank Tom Tervoort for bringing this issue to our attention under responsible disclosure.
FortiOS 7.0.3
FortiOS 7.0.2
FortiOS 7.0.1
FortiOS 7.0.0
FortiOS 6.4.8
FortiOS 6.4.7
FortiOS 6.4.6
FortiOS 6.4.5
FortiOS 6.4.4
FortiOS 6.4.3
FortiOS 6.4.2
FortiOS 6.4.1
FortiOS 6.4.0
FortiOS 6.2.10
FortiOS 6.2.9
FortiOS 6.2.8
FortiOS 6.2.7
FortiOS 6.2.6
FortiOS 6.2.5
FortiOS 6.2.4
FortiOS 6.2.3
FortiOS 6.2.2
FortiOS 6.2.1
FortiOS 6.2.0
FortiOS 6.0.18
FortiOS 6.0.17
FortiOS 6.0.16
FortiOS 6.0.15
FortiOS 6.0.14
FortiOS 6.0.13
FortiOS 6.0.12
FortiOS 6.0.11
FortiOS 6.0.10
FortiOS 6.0.9
FortiOS 6.0.8
FortiOS 6.0.7
FortiOS 6.0.6
FortiOS 6.0.5
FortiOS 6.0.4
FortiOS 6.0.3
FortiOS 6.0.2
FortiOS 6.0.1
FortiOS 6.0.0
FortiProxy 7.0.1
FortiProxy 7.0.0
FortiProxy 2.0.7
FortiProxy 2.0.6
FortiProxy 2.0.5
FortiProxy 2.0.4
FortiProxy 2.0.3
FortiProxy 2.0.2
FortiProxy 2.0.1
FortiProxy 2.0.0
CVE-2021-43081
6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:W/RC:X
https://fortiguard.fortinet.com/psirt/FG-IR-21-230