CVE-2020-12815

Name of the Vulnerable Software and Affected Versions FortiTester versions prior to 3.9.0

Description The issue is related to an improper neutralization of input, which may allow a remote authenticated attacker to inject script-related HTML tags via IPv4/IPv6 address fields. This could potentially enable cross-site scripting attacks.

Recommendations For FortiTester versions prior to 3.9.0, update to version 3.9.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the IPv4/IPv6 address fields to minimize the risk of exploitation.