Fortinet FortiOS Log File XSS

2003-10-03T08:19:51
ID OSVDB:2641
Type osvdb
Reporter OSVDB
Modified 2003-10-03T08:19:51

Description

Vulnerability Description

FortiGate contains a flaw that allows a remote Cross Site Scripting attack. This flaw exists because the application does not validate denied sites upon submission to the logs. This could allow a user to send a specially crafted request that would execute arbitrary code on the server leading to a loss of integrity.
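
The flaw class described above, as an added example that is not part of the original advisory and is not Fortinet's code: a log viewer that concatenates the denied site name into its HTML, beside one that validates the value and encodes it for output. The field names, sample entries and function names are assumptions made for illustration.

```javascript
// Constructed sample entries for a "denied sites" log. Field names and values
// are illustrative assumptions, not the FortiOS log format.
const sampleLog = [
  { time: "2003-10-03 08:19:51", src: "192.0.2.10", deniedSite: "blocked.example/index.html" },
  { time: "2003-10-03 08:20:07", src: "192.0.2.11", deniedSite: 'blocked.example/?q=<b title="x">&y' },
];

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the five characters that can change HTML structure.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Validation at submission time: drop control characters and cap the length
// so a request cannot store unbounded or non-printable data in the log.
function normalizeForLog(value, maxLen = 256) {
  return String(value).replace(/[\u0000-\u001f\u007f]/g, "").slice(0, maxLen);
}

// Flawed pattern: request-derived text is concatenated into the page as-is,
// so markup in the denied site name becomes part of the log viewer's HTML.
function renderRowUnsafe(e) {
  return `<tr><td>${e.time}</td><td>${e.src}</td><td>${e.deniedSite}</td></tr>`;
}

// Hardened pattern: every field is normalized and encoded for HTML output.
function renderRowSafe(e) {
  const cell = (v) => `<td>${escapeHtml(normalizeForLog(v))}</td>`;
  return `<tr>${cell(e.time)}${cell(e.src)}${cell(e.deniedSite)}</tr>`;
}

// True when a rendered row contains tags other than the table's own tr/td.
function hasForeignMarkup(rowHtml) {
  return /<(?!\/?(tr|td)>)/.test(rowHtml);
}

for (const entry of sampleLog) {
  console.log(hasForeignMarkup(renderRowUnsafe(entry)), hasForeignMarkup(renderRowSafe(entry)));
}
```
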

Solution Description

Upgrade to version 2.50 MR4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.fortinet.com/
Secunia Advisory ID: 9932
Mail List Post: http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0002.html
ISS X-Force ID: 13346
Bugtraq ID: 8750