PT-2014-2006 · Fortinet · Fortios
William Costa
·
Published
2014-02-04
·
Updated
2014-02-12
·
CVE-2013-7182
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
FortiOS version 5.0.5
Description
The issue is caused by insufficient output encoding in the FortiOS web administration interface, specifically in the firewall/schedule/recurrdlg component. The value of the mkey parameter is reflected into the generated page without adequate escaping, so a remote attacker can inject arbitrary JavaScript or HTML code through it: a reflected cross-site scripting (XSS) vulnerability. In the usual scenario the attacker entices an administrator with an active session to open a crafted link, and the injected script then runs in that administrator's browser with access to the management session.
Recommendations
Upgrade to a FortiOS release that contains Fortinet's fix for CVE-2013-7182. Until the fix is applied, reduce exposure of the web administration interface rather than of the parameter: the mkey value is supplied by the attacker in the crafted request, so administrators cannot mitigate the issue by avoiding it. Restrict administrative access to trusted source addresses (FortiOS supports per-administrator trusted hosts) and disable HTTP/HTTPS administrative access on interfaces that face untrusted networks, so that an attacker cannot reach firewall/schedule/recurrdlg in the first place.
Fix
XSS
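A marker-based check for the reflection described above, added here as an example; it is not code from the advisory, from William Costa, or from Fortinet. Only the path firewall/schedule/recurrdlg and the parameter name mkey are taken from the advisory. The host name, the marker format, the helper names, the optional session cookie and TLS handling, and the sample responses are all constructed assumptions so that the logic runs offline.

```python
# Added example: marker-based reflection check for the mkey parameter.
# Only VULNERABLE_PATH and PARAM come from the advisory; everything else is assumed.
import secrets
import ssl
import urllib.parse
import urllib.request

VULNERABLE_PATH = "firewall/schedule/recurrdlg"   # from the advisory
PARAM = "mkey"                                     # from the advisory


def make_marker(token=None):
    """Build a harmless, unique probe value.

    The '<', '"' and '>' characters are the ones a correctly encoding page must
    escape; the random hex token rules out accidental matches in the response.
    """
    token = token or secrets.token_hex(4)
    return f'<zz{token}">'


def build_probe_url(base_url, marker):
    """Compose the probe URL, percent-encoding the marker as a query value."""
    query = urllib.parse.urlencode({PARAM: marker})
    return f"{base_url.rstrip('/')}/{VULNERABLE_PATH}?{query}"


def classify_reflection(body, marker):
    """Classify how the response body echoes the marker.

    'raw'       - marker reflected byte-for-byte with its metacharacters intact:
                  the page is not encoding the parameter (the advisory's condition)
    'sanitized' - the random token is echoed, but '<', '"' or '>' were encoded,
                  stripped or otherwise altered
    'absent'    - the parameter value is not echoed at all
    """
    if marker in body:
        return "raw"
    token = marker[3:-2]          # the hex between '<zz' and '">'
    if token in body:
        return "sanitized"
    return "absent"


def probe(base_url, cookie=None, verify_tls=True, timeout=10.0):
    """Fetch the dialog with a fresh marker and classify the reflection.

    Assumptions: the dialog may require an authenticated admin session, so an
    optional Cookie header can be supplied; lab FortiGate units often run with
    self-signed certificates, so TLS verification can be switched off for them.
    """
    marker = make_marker()
    req = urllib.request.Request(build_probe_url(base_url, marker))
    if cookie:
        req.add_header("Cookie", cookie)
    ctx = ssl.create_default_context()
    if not verify_tls:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
        body = resp.read().decode("utf-8", errors="replace")
    return classify_reflection(body, marker)


# Constructed sample responses (not captured from a device) for an offline run.
MARKER = make_marker("deadbeef")
SAMPLE_RAW = f'<html><body><input name="mkey" value="{MARKER}"></body></html>'
SAMPLE_SANITIZED = ('<html><body><input name="mkey" '
                    'value="&lt;zzdeadbeef&quot;&gt;"></body></html>')
SAMPLE_ABSENT = "<html><body>Schedule not found</body></html>"


def demo():
    """Run the classifier over the constructed samples."""
    return {
        "raw": classify_reflection(SAMPLE_RAW, MARKER),
        "sanitized": classify_reflection(SAMPLE_SANITIZED, MARKER),
        "absent": classify_reflection(SAMPLE_ABSENT, MARKER),
    }


if __name__ == "__main__":
    print(build_probe_url("https://fw.example.test", MARKER))
    print(demo())
```

A 'raw' result on a live device shows that the metacharacters survive into the HTML, which is the condition the advisory describes; confirm the rendering context in a browser before reporting it. A 'sanitized' result does not by itself prove the fix is in place, because encoding that is correct for an attribute value can still be insufficient in another context such as a script block. Only run probe() against devices you are authorised to test.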
Weakness Enumeration
Related Identifiers
Affected Products
Fortios