PT-2020-22818 · Fortinet · Fortiproxy+1
Published
2020-09-16
·
Updated
2025-03-17
·
CVE-2019-15706
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
FortiProxy versions 1.2.9 and below, version 2.0.0
FortiOS versions 5.6.12, 6.0.8 and below, 6.2.1 and below
Description
The issue is related to an improper neutralization of input during web page generation in the SSL VPN portal, which may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS).
Recommendations
For FortiProxy version 2.0.0, update to a version that fixes the improper neutralization of input issue.
For FortiProxy versions 1.2.9 and below, update to a version that fixes the improper neutralization of input issue.
For FortiOS versions 5.6.12, 6.0.8 and below, 6.2.1 and below, update to a version that fixes the improper neutralization of input issue.
As a temporary workaround, consider restricting access to the SSL VPN portal to minimize the risk of exploitation.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Fortios
Fortiproxy