PT-2017-3714 · Fortinet · FortiOS

Patryk_Bogdan · Published 2017-07-18 · Updated 2017-09-15 · CVE-2017-3131

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: FortiOS versions 5.4.0 through 5.4.4; FortiOS version 5.6.0
Description: The issue is a cross-site scripting (XSS) vulnerability that allows attackers to execute unauthorized code or commands. It is caused by insufficient protection of the web page structure in the FortiView component of the FortiOS web interface. An attacker can exploit this vulnerability through the filter input in "Applications" under FortiView to inject arbitrary JavaScript or HTML code.
Recommendations: For FortiOS versions 5.4.0 through 5.4.4, consider disabling the filter input in "Applications" under FortiView as a temporary workaround until a patch is available. For FortiOS version 5.6.0, restrict access to the FortiView component to minimize the risk of exploitation. Avoid using the filter input in the affected FortiView "Applications" section until the issue is resolved.
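The defect class described above is untrusted filter text being placed into page markup without encoding. The following is an added illustration, not FortiOS code: a hypothetical FortiView-style filter badge rendered two ways, with a constructed sample input, plus a small check that flags markup containing a tag the template did not supply.

```javascript
// Added example (not FortiOS or Fortinet code). Demonstrates why a filter value
// echoed into page structure must be HTML-encoded first.

// Minimal HTML entity encoding for text placed inside an element body or attribute.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Hypothetical vulnerable rendering: raw user input becomes part of the markup.
function vulnerableRender(filterValue) {
  return `<span class="filter">Application: ${filterValue}</span>`;
}

// Hardened rendering: the same template, but the input is encoded before insertion.
function safeRender(filterValue) {
  return `<span class="filter">Application: ${escapeHtml(filterValue)}</span>`;
}

// Review check: after stripping the known template wrapper, any remaining
// '<' followed by a letter, '/' or '!' means the input introduced its own tag.
function containsInjectedTag(html) {
  const body = html.replace(/^<span class="filter">/, '').replace(/<\/span>$/, '');
  return /<[a-zA-Z!\/]/.test(body);
}

// Constructed sample input: breaks out of the text and adds an element.
const CONSTRUCTED_INPUT = 'ssh"><img src=x onerror=alert(1)>';

function demo() {
  return {
    vulnerableTagged: containsInjectedTag(vulnerableRender(CONSTRUCTED_INPUT)), // true
    safeTagged: containsInjectedTag(safeRender(CONSTRUCTED_INPUT)),             // false
  };
}
```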

Exploit

Fix

XSS


Weakness Enumeration

Related identifiers

BDU:2018-01284
CVE-2017-3131

Affected products

FortiOS