PT-2021-7469 · Fortinet · Fortiweb

Andrey Medov · Published 2021-02-03 · Updated 2021-02-10 · CVE-2021-22122

CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions

FortiWeb versions 6.3.0 through 6.3.7
FortiWeb versions prior to 6.2.4

Description

The issue is an improper neutralization of input during web page generation in the FortiWeb GUI: several API endpoints reflect request input into the generated page without encoding it. This allows an unauthenticated, remote attacker to perform a reflected cross-site scripting (XSS) attack by delivering a malicious payload through any of the vulnerable API endpoints (for example, in a link a victim is induced to open).

Recommendations

For FortiWeb versions 6.3.0 through 6.3.7, update to version 6.3.8 or later. For FortiWeb versions prior to 6.2.4, update to version 6.2.4 or later. Where updating cannot be done immediately, restrict access to the FortiWeb GUI and its API endpoints to trusted management networks; this limits who can reach the vulnerable endpoints but does not remove the flaw.
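The following is an added, self-contained example written for this page; it is not FortiWeb code and is not taken from the Fortinet advisory. It shows the vulnerability class described above (request input reflected verbatim into generated HTML) next to a hardened version that applies HTML entity encoding at the point of insertion, and the verbatim-reflection check a tester uses when triaging reflected XSS. The rendering function names, the `q` parameter and the payloads are assumptions for illustration.

```python
"""Added example (not FortiWeb code): reflected XSS via unescaped page
generation, the hardened equivalent, and a triage check.  All names,
parameters and payloads are hypothetical."""
import html


def render_search_vulnerable(query: str) -> str:
    """Builds a results page by splicing the raw query value into HTML.

    The reflected value lands in two contexts (element body and a quoted
    attribute value) with no neutralization, so any markup or quote
    characters in `query` become live markup in the victim's browser.
    """
    return (
        "<h1>Results for " + query + "</h1>\n"
        '<input name="q" value="' + query + '">'
    )


def render_search_fixed(query: str) -> str:
    """Same page, with HTML entity encoding applied where the value is inserted.

    html.escape(quote=True) encodes &, <, >, " and ', so the value can
    neither introduce an element in the body nor close the attribute it
    sits in.  Entity encoding is correct for these two contexts only; a value
    placed inside a <script> block or a URL needs a context-specific encoder.
    """
    safe = html.escape(query, quote=True)
    return (
        "<h1>Results for " + safe + "</h1>\n"
        '<input name="q" value="' + safe + '">'
    )


# Constructed payloads: the first targets the element-body context, the
# second breaks out of the quoted attribute without needing '<' at all.
PAYLOADS = [
    "<script>alert(document.cookie)</script>",
    '" autofocus onfocus="alert(1)',
]


def is_reflected_unescaped(page: str, payload: str) -> bool:
    """Triage check: does the payload appear verbatim (not entity-encoded)
    in the generated page?  A substring match is deliberately crude; a
    renderer that alters whitespace or case can produce false negatives,
    so a miss here is not proof of safety."""
    return payload in page


def triage(renderer, payloads):
    """Returns the payloads that `renderer` reflects without neutralization."""
    return [p for p in payloads if is_reflected_unescaped(renderer(p), p)]


if __name__ == "__main__":
    print("vulnerable renderer reflects:", triage(render_search_vulnerable, PAYLOADS))
    print("fixed renderer reflects:     ", triage(render_search_fixed, PAYLOADS))
    print(render_search_fixed(PAYLOADS[1]))
```

The triage function is the same check a scanner performs against each reflecting parameter: send a marker payload, confirm it comes back unencoded in the response body. For a GUI like the one described above, the test input is the query string or JSON field of each API endpoint that the page renders back, and the fix on the server side is the pattern in `render_search_fixed`: encode at the output sink, in the encoding that matches the HTML context.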

Fix

XSS


Weakness Enumeration

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Related Identifiers

BDU:2022-06595
CVE-2021-22122

Affected Products

Fortiweb