FortiWLM - stored cross-site scripting in hotspot profile controller

2021-12-0700:00:00

FortiGuard Labs

www.fortiguard.com

0.001 Low

EPSS

Percentile

29.5%

JSON

An improper neutralization of input during web page generation vulnerability (‘Cross-site Scripting’) [CWE-79] in FortiWLM may allow an authenticated attacker to perform a stored cross site scripting attack (XSS) via storing malicious payloads and trigger the attack on victim’s client via various endpoints.

CPENameOperatorVersion
fortiwlmeq8.6.1
fortiwlmeq8.6.0
fortiwlmeq8.5.4
fortiwlmeq8.5.3
fortiwlmeq8.5.2
fortiwlmeq8.5.1
fortiwlmeq8.5.0
fortiwlmeq8.4.2
fortiwlmeq8.4.1
fortiwlmeq8.4.0

Name	Operator	Version
fortiwlm	eq	8.6.1
fortiwlm	eq	8.6.0
fortiwlm	eq	8.5.4
fortiwlm	eq	8.5.3
fortiwlm	eq	8.5.2
fortiwlm	eq	8.5.1
fortiwlm	eq	8.5.0
fortiwlm	eq	8.4.2
fortiwlm	eq	8.4.1
fortiwlm	eq	8.4.0

Rows per page:

1-10 of 141

0.001 Low

EPSS

Percentile

29.5%

JSON

Related for FG-IR-21-114