Multiple improper neutralization of input during web page generation (‘Cross-site Scripting’) [CWE-79] in FortiWeb may allow an unauthenticated user to inject malicious javascript code into the response webpage via crafted requests to device’s error handlers.