CVE-2020-15937

Name of the Vulnerable Software and Affected Versions FortiGate versions 6.2.x through 6.2.4 FortiGate versions 6.4.x through 6.4.0

Description The issue is related to an improper neutralization of input, which may allow a remote attacker to perform a stored cross-site scripting attack (XSS) via the IPS and WAF logs dashboard. This could potentially enable an attacker to execute malicious scripts on the web page.

Recommendations For FortiGate versions 6.2.x through 6.2.4, update to version 6.2.5 or later. For FortiGate versions 6.4.x through 6.4.0, update to version 6.4.1 or later. As a temporary workaround, consider restricting access to the IPS and WAF logs dashboard until a patch is available.