Vigil@nce - FortiManager 5.2.3: two vulnerabilities of GUI
November 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of FortiManager GUI
v5.2.3.
Impacted products: FortiManager.
Severity: 2/4.
Creation date: 25/09/2015.
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in FortiManager GUI v5.2.3.
An attacker can trigger a Cross Site Scripting in
sharedjobmanager, in order to run JavaScript code in the context
of the web site. [severity:2/4]
An attacker can trigger a Cross Site Scripting in
SOMServiceObjDialog, in order to run JavaScript code in the
context of the web site. [severity:2/4]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/FortiManager-5-2-3-two-vulnerabilities-of-GUI-17981