XSS Vulnerability in Disclaimer Description of a Replacement Message in FortiWeb
An improper neutralization of input vulnerability in FortiWeb may allow a remote authenticated attacker to perform a stored cross-site scripting (XSS) attack via the Disclaimer Description of a Replacement Message.
Unauthorized code execution
FortiWeb version 6.2.2 and below.
FortiWeb version 6.3.0.
Please upgrade to FortiWeb version 6.2.3 or above.
Please upgrade to FortiWeb version 6.3.1 or above.
Fortinet is pleased to thank Danilo Costa from PBI for reporting this vulnerability under responsible disclosure.