Stored Cross-Site Scripting Vulnerability in FortiWLC Web Interface
CVE-2021-26087
4.2MEDIUM
What is CVE-2021-26087?
FortiWLC's web interface is vulnerable due to improper input neutralization during web page generation. This flaw affects multiple versions, allowing both authenticated and unauthenticated attackers on the same network to execute stored cross-site scripting attacks. Attackers can inject malicious payloads via various entry points, potentially compromising user data and leading to unauthorized actions within the web interface.
Affected Version(s)
FortiWLC 8.6.0
FortiWLC 8.5.0 <= 8.5.3
FortiWLC 8.4.4 <= 8.4.8