CVE-2015-1880

Name of the Vulnerable Software and Affected Versions FortiOS versions 5.2.x through 5.2.2

Description The issue is related to a cross-site scripting (XSS) vulnerability in the sslvpn login page. This vulnerability is caused by insufficient protection of the web page structure, allowing remote attackers to inject arbitrary web script or HTML via unspecified vectors. The exploitation of this issue may enable a remote attacker to inject arbitrary JavaScript or HTML code.

Recommendations For FortiOS versions 5.2.x through 5.2.2, update to version 5.2.3 or later to resolve the issue.