PT-2025-10765 · Fortinet · FortiADC GUI

Published: 2025-03-11 · Updated: 2025-03-13 · CVE-2023-37933

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
FortiADC versions 7.2.0 through 7.2.1
FortiADC version 7.4.0
FortiADC versions prior to 7.1.3
Description: The issue is an improper neutralization of input during web page generation, also known as Cross-site Scripting [CWE-79], in the FortiADC GUI. It allows an authenticated attacker to perform an XSS attack via crafted HTTP or HTTPS requests. Note that the CVSS vector above scores Privileges Required as None (PR:N) and User Interaction as Required (UI:R): exploitation depends on a victim with GUI access loading the crafted request.
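To make the weakness class concrete, the following is an added illustration of CWE-79 written for this page; it is not FortiADC code and the page does not disclose which GUI parameter is affected. The request path `/gui/profile`, the `display_name` parameter and the sample probe string are all constructed for the example. It shows a crafted request target carrying HTML markup in a query parameter, a page-generation routine that concatenates the value unchanged (the vulnerable pattern), and the same routine with context-appropriate HTML entity encoding.

```python
import html
from urllib.parse import parse_qs, quote, urlsplit

# Constructed sample input: a generic reflected-XSS probe, not a payload from the
# advisory. Any markup characters that survive into the page unencoded indicate CWE-79.
SAMPLE_INPUT = '<img src=x onerror="alert(document.cookie)">'

# Hypothetical request target; the real affected FortiADC endpoint is not public.
CRAFTED_TARGET = "/gui/profile?display_name=" + quote(SAMPLE_INPUT)


def param_from_request_target(request_target: str, name: str) -> str:
    """Extract one query parameter from an HTTP request target (path + query)."""
    query = parse_qs(urlsplit(request_target).query, keep_blank_values=True)
    return query.get(name, [""])[0]


def render_vulnerable(display_name: str) -> str:
    """CWE-79: user-controlled text is placed into the page without neutralization,
    so markup in the value becomes part of the DOM of the admin's browser."""
    return f"<p>Logged in as: {display_name}</p>"


def render_hardened(display_name: str) -> str:
    """Same page with the value HTML-entity-encoded for the element-content context.
    quote=True also encodes quotes, so the helper is safe for quoted attributes too."""
    return f"<p>Logged in as: {html.escape(display_name, quote=True)}</p>"


def render_attribute_hardened(display_name: str) -> str:
    """Attribute context: encode the value and keep it inside double quotes, so a
    payload cannot close the attribute or inject a new event handler."""
    return f'<input type="text" name="display_name" value="{html.escape(display_name, quote=True)}">'


def raw_input_survives(rendered: str, user_input: str) -> bool:
    """True if the user-controlled string reached the output verbatim, i.e. its
    markup characters were not neutralized. Usable as a quick regression check."""
    return user_input in rendered


if __name__ == "__main__":
    value = param_from_request_target(CRAFTED_TARGET, "display_name")
    print("vulnerable:", render_vulnerable(value))
    print("hardened:  ", render_hardened(value))
    print("attribute: ", render_attribute_hardened(value))
```

The check in `raw_input_survives` is deliberately blunt: it only tells you that the reflected value was altered, not that the encoding matches the output context. Encoding for element content does not protect a value that lands inside a `<script>` block or a `javascript:` URL, which need their own encoders.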
Recommendations: Upgrade to a FortiADC release in which the issue is fixed: 7.1.3 or later for the 7.1 branch, and the vendor's fixed releases for the 7.2 and 7.4 branches. Until the upgrade is applied, restrict access to the FortiADC GUI to trusted management networks and hosts, and avoid following untrusted links or opening untrusted content while logged in to the GUI, since the attack requires user interaction (UI:R). Where the GUI is not needed, disabling access to it entirely until a fixed release is installed removes the exposure.

Fix

XSS


Weakness Enumeration

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Related Identifiers

CVE-2023-37933

Affected Products

FortiADC GUI