CVE-2019-5590

Name of the Vulnerable Software and Affected Versions Fortinet FortiWeb versions 6.0.2 and below

Description The issue allows an attacker to execute unauthorized code or commands via attack reports generated in HTML form due to the lack of encoding of the URL part of the report message. This may enable a remote attacker to perform Cross Site Scripting attacks. The vulnerability exists because of inadequate protection of the web page structure, which can be exploited to execute arbitrary code or commands.

Recommendations For Fortinet FortiWeb versions 6.0.2 and below, consider disabling the generation of attack reports in HTML form until a patch is available to prevent potential exploitation. Restrict access to the report generation feature to minimize the risk of unauthorized code execution.