CVE-2013-7181

Name of the Vulnerable Software and Affected Versions FortiOS versions 5.0.3

Description The issue is related to a cross-site scripting vulnerability in the web interface of FortiOS, specifically in the "user/ldap user/add" endpoint. This vulnerability is caused by insufficient protection of the web page structure. It allows a remote attacker to inject arbitrary JavaScript or HTML code through the filter parameter.

Recommendations For FortiOS version 5.0.3, update to a version that includes a fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the "user/ldap user/add" endpoint to minimize the risk of exploitation. Avoid using the filter parameter in the affected endpoint until the issue is resolved.