PSIRT Advisory

XSS Vulnerability in FortiWeb Site Publisher

Summary

The Site Publisher functionality of FortiWeb is vulnerable to Cross-Site Scripting (XSS) via an improperly sanitized parameter in a POST request.

Impact

Execute unauthorized code or commands

Affected Products

FortiWeb versions below 5.7.1

Solutions

Upgrade to FortiWeb version 5.8.0