CVE-2015-3626

Name of the Vulnerable Software and Affected Versions FortiOS versions prior to 5.2.4

Description The issue is related to a cross-site scripting (XSS) vulnerability in the DHCP Monitor page of the Web User Interface (WebUI) in FortiOS. This vulnerability allows remote attackers to inject arbitrary web script or HTML via a crafted hostname, potentially enabling them to execute malicious JavaScript code. The vulnerability is caused by insufficient protection of the web page structure.

Recommendations For versions prior to 5.2.4, update to version 5.2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the DHCP Monitor page in the WebUI to minimize the risk of exploitation.