CVE-2021-43080

Name of the Vulnerable Software and Affected Versions FortiOS versions 6.4.0 through 6.4.9 FortiOS versions 7.0.0 through 7.0.5 FortiOS version 7.2.0

Description The issue is related to an improper neutralization of input during web page generation, which may allow an authenticated attacker to perform a stored cross site scripting (XSS) attack. This attack can be performed through the URI parameter via the Threat Feed IP address section of the Security Fabric External connectors.

Recommendations For FortiOS versions 6.4.0 through 6.4.9, update to a version that fixes this issue. For FortiOS versions 7.0.0 through 7.0.5, update to a version that fixes this issue. For FortiOS version 7.2.0, update to a version that fixes this issue. As a temporary workaround, consider restricting access to the Threat Feed IP address section of the Security Fabric External connectors to minimize the risk of exploitation.