TTCSIRT-305.041020: TT-CSIRT ADVISORY - XSS VULNERABILITY IN THE DASHBOARD NAME PARAMETER OF FortiADC
An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross-site scripting (XSS) attack via the name parameter.
Impact: Execute Unauthorized Code or Commands
Affected Products:
FortiADC version 5.3.4 and below
FortiADC version 5.4.0 and below
Solutions: Upgrade to FortiADC version 5.3.5 or above, or FortiADC version 5.4.1 or above.
The Trinidad and Tobago Cyber Security Incident Response Team (CSIRT) encourages users and administrators to review and apply the necessary updates.
Kindly review the following link for further reference: