CVE-2019-5594

Name of the Vulnerable Software and Affected Versions Fortinet FortiNAC versions 8.3.0 through 8.3.6 Fortinet FortiNAC version 8.5.0

Description The issue is related to an Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, in the admin webUI of Fortinet FortiNAC. This may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI. The vulnerability can be exploited by a remote attacker to perform cross-site scripting attacks.

Recommendations For Fortinet FortiNAC versions 8.3.0 through 8.3.6, consider disabling the search field in the webUI as a temporary workaround until a patch is available. For Fortinet FortiNAC version 8.5.0, consider restricting access to the admin webUI to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.