PT-2024-24117 · Fortinet · Fortinac

Published 2024-05-14 · Updated 2025-12-16 · CVE-2024-31488

CVSS v3.1: 9.0 Critical

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

FortiNAC versions 7.2.0 through 7.2.3
FortiNAC versions 8.7.0 through 8.7.6
FortiNAC versions 8.8.0 through 8.8.11
FortiNAC versions 9.1.0 through 9.1.10
FortiNAC versions 9.2.0 through 9.2.8
FortiNAC versions 9.4.0 through 9.4.4

Description

The issue is related to an improper neutralization of inputs during web page generation, which may allow a remote authenticated attacker to perform stored and reflected cross-site scripting (XSS) attacks via crafted HTTP requests.

Recommendations

For each affected range below, update to a version outside of that range to mitigate the risk:

FortiNAC versions 7.2.0 through 7.2.3
FortiNAC versions 8.7.0 through 8.7.6
FortiNAC versions 8.8.0 through 8.8.11
FortiNAC versions 9.1.0 through 9.1.10
FortiNAC versions 9.2.0 through 9.2.8
FortiNAC versions 9.4.0 through 9.4.4

As a temporary workaround, consider restricting access to crafted HTTP requests to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2024-31488

Affected Products: Fortinac