FortiWeb - Reflected cross-site scripting in error controllers
Multiple improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 in FortiWeb may allow an unauthenticated user to inject malicious javascript code into the response webpage via crafted requests to device's error handlers...