CVE-2024-35280

Name of the Vulnerable Software and Affected Versions: Fortinet FortiDeceptor versions 3.x through 5.3.0

Description: The issue is related to an improper neutralization of input during web page generation, also known as 'cross-site scripting'. This may allow an attacker to perform a reflected cross-site scripting attack in the recovery endpoints.

Recommendations: For Fortinet FortiDeceptor versions 3.x through 5.3.0, consider disabling access to the recovery endpoints as a temporary workaround until a patch is available. Restrict input to prevent malicious code injection in the recovery endpoints. At the moment, there is no information about a newer version that contains a fix for this vulnerability.