CVE-2017-7732

Name of the Vulnerable Software and Affected Versions Fortinet FortiMail versions 5.1 and earlier, 5.2.0 through 5.2.9, 5.3.0 through 5.3.9

Description A reflected Cross-Site Scripting (XSS) issue allows an attacker to inject arbitrary web script or HTML via crafted HTTP requests on the customized pre-authentication webmail login page.

Recommendations For Fortinet FortiMail versions 5.1 and earlier, update to a version later than 5.1 to resolve the issue. For Fortinet FortiMail versions 5.2.0 through 5.2.9, update to a version later than 5.2.9 to resolve the issue. For Fortinet FortiMail versions 5.3.0 through 5.3.9, update to a version later than 5.3.9 to resolve the issue. As a temporary workaround, consider restricting access to the customized pre-authentication webmail login page to minimize the risk of exploitation.