Name of the Vulnerable Software and Affected Versions FortiOS (affected versions not specified)

Description The issue is related to errors in filtering HTTP request data in the /api/cmdb page handler of the FortiOS web interface. Exploitation of this issue could allow a remote attacker to perform cross-site scripting attacks by sending a specially crafted POST request to the /api/cmdb page to save a backup of the FortiGate application settings and then carry out the attack when the administrator opens the web interface to load the backup settings.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.