Stored XSS under CA and CRL certificate view page
Cross-site Scripting (XSS)
FortiManager 6.0.0, 5.6.4 and below.
FortiAnalyzer 6.0.0, 5.6.4 and below.
FortiManager: upgrade to 5.6.5 or 6.0.1
FortiAnalyzer: upgrade to 5.6.5 or 6.0.1
Refrain from uploading untrusted CA and CRL certificates, and/or check the CA and CRL certificate content before uploading.
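One way to carry out the content check from the workaround, as an added example that is not Fortinet's code: the advisory does not say which field is rendered, so this walks the DER structure of a certificate or CRL and lists every string-typed value containing HTML-significant characters. The function names and the sample Name fragment are constructed for illustration, and values nested inside extension OCTET STRINGs are not decoded.

```python
import base64
import re

# ASN.1 string types that can carry display text, with their encodings.
STRING_TAGS = {0x0C: "utf-8", 0x13: "ascii", 0x14: "latin-1",
               0x16: "ascii", 0x1E: "utf-16-be"}
HTML_CHARS = re.compile(r"[<>\"'&]")

def to_der(data: bytes) -> bytes:
    """Accept PEM or raw DER and return DER bytes."""
    if b"-----BEGIN" in data:
        return base64.b64decode(re.sub(rb"-----[^-]+-----|\s", b"", data))
    return data

def strings_in(der: bytes):
    """Yield every string-typed value found while walking the DER tree."""
    i = 0
    while i < len(der):
        if i + 2 > len(der):
            raise ValueError("truncated DER")
        tag, length = der[i], der[i + 1]
        i += 2
        if length & 0x80:  # long-form length: low 7 bits give the byte count
            n = length & 0x7F
            length = int.from_bytes(der[i:i + n], "big")
            i += n
        if i + length > len(der):
            raise ValueError("truncated DER")
        value = der[i:i + length]
        i += length
        if tag & 0x20:  # constructed type (SEQUENCE, SET, [0] ...): descend
            yield from strings_in(value)
        elif tag in STRING_TAGS:
            yield value.decode(STRING_TAGS[tag], errors="replace")

def suspicious_strings(data: bytes):
    """Return string values that contain HTML-significant characters."""
    return [s for s in strings_in(to_der(data)) if HTML_CHARS.search(s)]

def tlv(tag: int, value: bytes) -> bytes:
    # Sample-building helper only; short-form lengths (< 128 bytes).
    return bytes([tag, len(value)]) + value

# Constructed sample: a DER Name fragment (not a real certificate) with an
# organization attribute and a common name that carries markup.
O_ATTR = tlv(0x06, b"\x55\x04\x0a") + tlv(0x13, b"Example Org")
CN_ATTR = tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, b"<b>test</b>")
SAMPLE = tlv(0x30, tlv(0x31, tlv(0x30, O_ATTR)) + tlv(0x31, tlv(0x30, CN_ATTR)))
```

Run `suspicious_strings()` on the bytes of the PEM or DER file before uploading it; any returned value should be reviewed by hand, since characters such as `&` also occur in legitimate names.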
Fortinet is pleased to thank independent researcher Hassan Kooshkaki and independent researcher Farid Heydari for reporting this vulnerability under responsible disclosure.