CVE-2017-3133

Name of the Vulnerable Software and Affected Versions: FortiOS versions 5.6.0 and earlier

Description: The issue is related to a Cross-Site Scripting vulnerability in the Replacement Message HTML for SSL-VPN, which is caused by insufficient protection of the web page structure. This allows an attacker to execute unauthorized code or commands. Exploitation of the vulnerability may enable a remote attacker to inject arbitrary JavaScript or HTML code.

Recommendations: For FortiOS versions 5.6.0 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.