Overview :
An improper neutralization of input vulnerability in the Anomaly Detection interface of FortiWeb may allow a remote unauthenticated attacker to perform a cross-site scripting (XSS) attack via a parameter of the request. An Improper Neutralization of Input vulnerability in the Anomaly Detection Parameter Name in Fortinet FortiWeb 6.0.5, 6.2.0, and 6.1.1 may allow a remote unauthenticated attacker to perform a cross-site scripting (XSS) attack.
Affected Product(s) :
- FortiWeb Versions 6.0.5 and below.
- FortiWeb Versions 6.1.1 and below.
- FortiWeb Version 6.2.0.
Vulnerability Details :
- CVE-2019-16156
Solution :
- Please upgrade to FortiWeb versions 6.0.6 or above
- Please upgrade to FortiWeb versions 6.1.2 or above
- Please upgrade to FortiWeb versions 6.2.1 or above
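As an added example (not part of the advisory), the affected and fixed versions listed above can be checked against a device inventory to find which FortiWeb units still need the upgrade. The hostnames and versions are constructed, and treating pre-6.0 releases as covered by "6.0.5 and below" is an assumption.

```python
import re

# Fixed release per branch, from the advisory's Solution list.
FIXED = {(6, 0): (6, 0, 6), (6, 1): (6, 1, 2), (6, 2): (6, 2, 1)}

def triage(version):
    """Return (status, upgrade_target) for a FortiWeb version string 'x.y.z'."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\s*", version)
    if not m:
        return ("unknown", None)          # unparseable: needs manual review
    v = tuple(int(p) for p in m.groups())
    fixed = FIXED.get(v[:2])
    if fixed is None and v < (6, 0, 0):
        # Assumption: "6.0.5 and below" also covers pre-6.0 releases.
        fixed = FIXED[(6, 0)]
    if fixed is None:
        return ("not-listed", None)       # branch newer than the advisory covers
    if v < fixed:
        return ("affected", ".".join(map(str, fixed)))
    return ("fixed", None)

def report(inventory):
    """Triage every (host, version) pair, affected hosts first."""
    order = {"affected": 0, "unknown": 1, "not-listed": 2, "fixed": 3}
    rows = [(host, ver, *triage(ver)) for host, ver in inventory]
    return sorted(rows, key=lambda r: (order[r[2]], r[0]))

# Constructed inventory (hostnames and versions are made up for illustration).
INVENTORY = [
    ("waf-dmz-01", "6.0.5"),
    ("waf-dmz-02", "6.0.6"),
    ("waf-int-01", "6.1.1"),
    ("waf-int-02", "6.2.0"),
    ("waf-lab-01", "6.2.1"),
    ("waf-old-01", "5.9.1"),
    ("waf-new-01", "6.3.0"),
    ("waf-unk-01", "n/a"),
]

if __name__ == "__main__":
    for host, ver, status, target in report(INVENTORY):
        note = f"upgrade to {target} or above" if target else ""
        print(f"{host:12} {ver:8} {status:10} {note}")
```

Hosts reported as `unknown` or `not-listed` are outside what the advisory states and need a manual check rather than being assumed safe.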
Acknowledgement :
Fortinet is pleased to thank Pablo Arriaga Perez from Government of Navarre and S21sec for reporting this vulnerability under responsible disclosure.