A high-severity cross-site scripting (XSS) vulnerability affecting several FortiOS and FortiProxy versions has been patched by Fortinet. The security flaw is identified as CVE-2023-29183 and is characterized as a “improper neutralization of input during web page generation” (CVSS score of 7.3). Fortinet adds in an alert that a successful exploit of the flaw might enable an authenticated attacker to utilize specially crafted guest management settings to start the execution of malicious JavaScript code.
The vulnerability was discovered by Fortinet’s CSE team and affects FortiProxy versions 7.0 and 7.2 as well as FortiOS versions 6.2, 6.4, 7.0, and 7.2. To fix this problem, Fortinet released FortiProxy versions 7.0.11 and 7.2.5 as well as FortiOS versions 6.2.15, 6.4.13, 7.0.12, 7.2.5, and 7.4.0.