Cross site scripting vulnerability in SSL VPN web UI

Fortiguard Security Advisory

An improper neutralization of input during web page Generation vulnerability [CWE-79] in FortiOS and FortiProxy’s web SSL VPN UI may allow a remote unauthenticated attacker to perform a Cross-Site Scripting attack via social engineering the targeted user into bookmarking a malicious samba server, then opening the bookmark.


Leave a Reply

Your email address will not be published. Required fields are marked *