FortiWeb is a web application firewall (WAF) that protects web applications and APIs from known and unknown exploits.
FortiWeb versions 6.3.x-6.2.x are vulnerable to reflected cross-site scripting (XSS) attacks. A remote attacker can perform this attack by injecting a malicious payload into different vulnerable API endpoints in the FortiWeb GUI interface 6.3.0, 6.3.7 and versions before 6.2.4, due to improper neutralization of input during web page generation.