N/A

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.0.3 and below, 6.4.8 and below, 6.2.10 and below, 6.0.14 to 6.0.0. and in FortiProxy version 7.0.1 and below, 2.0.7 to 2.0.0 web filter override form may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

N/A

Fortinet FortiProxy SSL VPN跨站脚本漏洞

Fortinet FortiProxy SSL VPN是美国 （Fortinet）公司的一个应用软件。提供了一个入侵检测功能。 Fortinet FortiProxy SSL VPN2.0.0 - 7.0.1 版本存在跨站脚本漏洞，该漏洞源于用户提供的数据未充分清理。远程攻击者利用此漏洞可以窃取潜在的敏感信息、更改网页的外观、执行网络钓鱼和偷渡式下载攻击。

N/A

N/A