CVE-2012-6346

Name of the Vulnerable Software and Affected Versions FortiWeb versions prior to 4.4.4

Description The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the redir or mkey parameter to "waf/pcre expression/validate".

Recommendations For versions prior to 4.4.4, update to version 4.4.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the "waf/pcre expression/validate" endpoint to minimize the risk of exploitation. Avoid using the redir and mkey parameters in the affected endpoint until the issue is resolved.