Summary
Authenticated administrative users can store injected JavaScript in a specific field of the web management interface. This JavaScript may then be evaluated in the context of another administrative user who browses to the affected web page.
Solution
Upgrade to FortiWeb 5.0.4 or higher.
Affected
FortiWeb 5.0.3 and lower.
Detection
Check the version
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2014-1458
CVSS Base Score: 3.5
AV:N/AC:M/Au:S/C:N/I:P/A:N