Release date:
Updated on:
Affected Systems:
Fortinet FortiOS 5.x
Fortinet FortiOS 4.x
Description:
--------------------------------------------------------------------------------
Fortinet FortiGate is a popular hardware firewall.
In Fortinet FortiOS (FortiGate) versions earlier than 4.3.8 B0630 and 5.0 B064, input passed to objusagedlg through the "mkey" parameter and to displaymessage through the "title" parameter is not properly filtered before being returned to the user. Attackers can execute arbitrary HTML and script code in a user's browser in the context of the affected site.
<* Source: Benjamin Kunz Mejri
Link: http://secunia.com/advisories/50638/
*>
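
Added example (not part of the original advisory and not Fortinet code): a check a defender could run over web access logs to flag requests where the "mkey" parameter to objusagedlg or the "title" parameter to displaymessage carries HTML markup characters after percent-decoding. The URL paths, log format and sample lines are constructed assumptions; the advisory gives only the handler and parameter names.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Handler name -> parameter the advisory says is returned unfiltered.
WATCHED = {"objusagedlg": "mkey", "displaymessage": "title"}
# Characters that let a reflected value break out into HTML or script context.
MARKUP = re.compile(r"[<>\"'`]")
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(log_lines):
    """Return (line_no, handler, param, decoded_value) for flagged requests."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        handler = next((h for h in WATCHED if h in url.path.lower()), None)
        if handler is None:
            continue
        # parse_qsl decodes once; fully_decode handles double encoding.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            decoded = fully_decode(value)
            if name.lower() == WATCHED[handler] and MARKUP.search(decoded):
                hits.append((line_no, handler, name, decoded))
    return hits

# Constructed sample log lines (combined log format, hypothetical paths).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2013:10:00:00 +0000] "GET /hypothetical/objusagedlg?mkey=policy1 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2013:10:00:05 +0000] "GET /hypothetical/objusagedlg?mkey=%22%3E%3Cscript%3Ex%3C%2Fscript%3E HTTP/1.1" 200 640',
    '198.51.100.9 - - [01/Jan/2013:10:01:00 +0000] "GET /hypothetical/displaymessage?title=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 300',
    '198.51.100.9 - - [01/Jan/2013:10:02:00 +0000] "GET /hypothetical/other?title=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

A hit means a request carried markup in one of the two affected parameters; on a patched device it is still worth reviewing as an attempted injection.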
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Fortinet
--------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.fortinetfirewall.com/index.php