CVE-2013-1471

Name of the Vulnerable Software and Affected Versions Fortinet FortiMail versions prior to 4.3.4

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow user-assisted remote attackers to inject arbitrary web script or HTML. The vulnerabilities can be exploited via the Add field for the Black List under Antispam Management User Preferences or the User name field for the Personal Black/White List in the AntiSpam section.

Recommendations For Fortinet FortiMail versions prior to 4.3.4, update to version 4.3.4 or later to resolve the issue. As a temporary workaround, consider restricting user input in the Add field for the Black List and the User name field for the Personal Black/White List to minimize the risk of exploitation.