Cross-site scripting (XSS) vulnerability via DHCP Hostname parameter

2018-11-16T00:00:00
ID FG-IR-18-121
Type fortinet
Reporter FortiGuard Labs
Modified 2018-11-16T00:00:00

Description

An attacker could send DHCP request containing malicious scripts in the HOSTNAME parameter. The malicious script code is executed while viewing the logs in FortiAnalyzer and FortiManager (with FortiAnalyzer feature enabled).