CVE-2014-0331

Name of the Vulnerable Software and Affected Versions FortiADC versions prior to 3.2.1

Description A cross-site scripting (XSS) issue exists in the web administration interface, allowing remote attackers to inject arbitrary web script or HTML via the locale parameter to the "gui partA/" endpoint.

Recommendations For versions prior to 3.2.1, update to version 3.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "gui partA/" endpoint until the update is applied. Avoid using the locale parameter in the affected endpoint until the issue is resolved.