PT-2022-11773 · Fortinet · Fortios+1

Published 2022-05-03 · Updated 2022-05-19 · CVE-2021-43081

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

FortiOS versions prior to 7.0.3
FortiOS versions prior to 6.4.8
FortiOS versions prior to 6.2.10
FortiOS versions 6.0.0 through 6.0.14
FortiProxy versions prior to 7.0.1
FortiProxy versions 2.0.0 through 2.0.7

Description

An improper neutralization of input during web page generation may allow an unauthenticated attacker to perform a cross-site scripting (XSS) attack via crafted HTTP GET requests. This issue affects the web filter override form in FortiOS and FortiProxy.

Recommendations

For FortiOS versions prior to 7.0.3, update to a version above 7.0.3.
For FortiOS versions prior to 6.4.8, update to a version above 6.4.8.
For FortiOS versions prior to 6.2.10, update to a version above 6.2.10.
For FortiOS versions 6.0.0 through 6.0.14, update to a version above 6.0.14.
For FortiProxy versions prior to 7.0.1, update to a version above 7.0.1.
For FortiProxy versions 2.0.0 through 2.0.7, update to a version above 2.0.7.

As a temporary workaround, consider restricting access to the web filter override form until a patch is available.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2021-43081

Affected Products

Fortios
Fortiproxy