Cross-Site Scripting Vulnerability in FortiADC Web Administration Interface
CVE-2014-0331

Currently unrated

Key Information:

Vendor
Fortinet
Status
Fortiadc Firmware
Fortiadc-1000e
Fortiadc-1500d
Fortiadc-2000d
Vendor
CVE Published:
10 April 2014

Summary

A cross-site scripting (XSS) vulnerability exists in the web administration interface of FortiADC with firmware versions prior to 3.2.1. This flaw allows remote attackers to inject arbitrary web scripts or HTML via the locale parameter to the gui_partA endpoint, potentially leading to unauthorized access and data leakage. It is crucial for users to apply the latest firmware updates to mitigate this risk.

References

http://www.kb.cert.org/vuls/id/667340
third-party-advisoryx_refsource_CERT-VN
http://www.securitytracker.com/id/1030018
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/66642
vdb-entryx_refsource_BID

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.