CVE-2021-26087

Name of the Vulnerable Software and Affected Versions FortiWLC versions 8.6.0 and earlier FortiWLC versions 8.5.3 and below FortiWLC versions 8.4.8 and below FortiWLC version 8.3.3

Description The issue is related to an improper neutralization of input during web page generation in the FortiWLC web interface. This may allow both authenticated remote attackers and non-authenticated attackers in the same network as the appliance to perform a stored cross-site scripting attack (XSS) via injecting malicious payloads in different locations.

Recommendations For FortiWLC version 8.6.0, update to a version that fixes the improper neutralization of input during web page generation. For FortiWLC versions 8.5.3 and below, update to a version that fixes the improper neutralization of input during web page generation. For FortiWLC versions 8.4.8 and below, update to a version that fixes the improper neutralization of input during web page generation. For FortiWLC version 8.3.3, update to a version that fixes the improper neutralization of input during web page generation. As a temporary workaround, consider restricting access to the web interface to minimize the risk of exploitation.