Cross-Site Scripting Vulnerability in Fortinet FortiWeb
CVE-2021-41015
6.1MEDIUM
What is CVE-2021-41015?
A vulnerability in Fortinet FortiWeb, versions 6.4.1 and below, as well as 6.3.15 and below, allows attackers to exploit improper input neutralization during web page generation. This flaw enables the execution of arbitrary code or commands through specially crafted HTTP requests directed at the SAML login handler. Organizations using affected versions are at risk of unauthorized access and potential data compromise.
Affected Version(s)
Fortinet FortiWeb FortiWeb 6.4.1, 6.4.0