FortiProxy & FortiOS - XSS vulnerability in Web Filter Block Override Form

May 3, 2022, 7 a.m. |

FortiGuard Labs | FortiGuard Center - IR Advisories fortiguard.fortinet.com

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiProxy and FortiOS web filter override form may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests.

block filter fortios vulnerability web web filter xss

Visit resource

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories

FortiOS - Web server ETag exposure 1 week ago | fortiguard.fortinet.com

actor attacker cwe device +17

FortiSandbox - Arbitrary file read on endpoint 1 week ago | fortiguard.fortinet.com

arbitrary files attacker cwe directory +12

FortiNAC-F - Lack of certificate validation 1 week ago | fortiguard.fortinet.com

attack attacker certificate channel +12

FortiOS - Format String in CLI command 1 week ago | fortiguard.fortinet.com

access admin arbitrary code attacker +16

FortiOS & FortiProxy - administrator cookie leakage 1 week ago | fortiguard.fortinet.com

administrator attacker conditions cookie +10

FortiSandbox - Arbitrary file delete on endpoint 1 week ago | fortiguard.fortinet.com

arbitrary files attacker cwe delete +13

FortiClientMac - Lack of configuration file validation 1 week ago | fortiguard.fortinet.com

arbitrary code attacker code configuration +15

FortiManager - Code Injection via Jinja Template 1 week ago | fortiguard.fortinet.com

arbitrary code attacker code code injection +11

FortiSandbox - Arbitrary file write on CLI leading to arbitrary code execution 1 week ago | fortiguard.fortinet.com

access admin arbitrary code arbitrary code execution +16

Information Security Engineers

@ D. E. Shaw Research | New York City

View on infosec-jobs.com

Embedded Penetration Tester - Cyber Security Team [BGSW]

@ Bosch Group | Warszawa, Poland

View on infosec-jobs.com

Staff Cybersecurity Engineer

@ Torc Robotics | Blacksburg, VA; Remote, US

View on infosec-jobs.com

Cybersecurity Engineer

@ Tiro Solutions Group LLC | Downers Grove, Illinois, United States

View on infosec-jobs.com

Director, Network Compliance

@ Marriott International | Bethesda, MD, United States

View on infosec-jobs.com

Cybersecurity Manager

@ Tiro Solutions Group LLC | Downers Grove, Illinois, United States

View on infosec-jobs.com

View more jobs

all InfoSec news

FortiProxy & FortiOS - XSS vulnerability in Web Filter Block Override Form

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories

Jobs in InfoSec / Cybersecurity

Information Security Engineers

Embedded Penetration Tester - Cyber Security Team [BGSW]

Staff Cybersecurity Engineer

Cybersecurity Engineer

Director, Network Compliance

Cybersecurity Manager