FortiOS: FortiWeb Cross-Site Scripting Vulnerability Network Vulnerability

Summary

Fortiweb 5.0.3 and earlier versions contain a cross-site scripting vulnerability. The filter parameter in the URL '/user/ldap_user/add' is vulnerable to cross-site scripting attack.

Impact

A remote unauthenticated attacker may be able to execute arbitrary script in the context of the end-user's browser session.

Solution

Upgrade to FortiWeb 5.1.0 or higher.

Affected

FortiWeb 5.0.3 and lower.

Detection

Check the version

References

http://www.fortiguard.com/advisory/FG-IR-14-002/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-7181

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

FortiOS: Multiple Vulnerabilities in OpenSSL
FortiOS: FortiWeb Cross-Site Request Forgery Vulnerability
FortiOS: Multiple Vulnerabilities in OpenSSL
FortiOS: FortiWeb Multiple Vulnerabilities
FortiOS: FortiGate Cross-Site Scripting Vulnerability

Take action and discover your vulnerabilities