CVE-2021-32602

CVE-2021-32602

An improper neutralization of input during web page generation vulnerability (CWE-79) in FortiPortal GUI 6.0.4 and below, 5.3.6 and below, 5.2.6 and below, 5.1.2 and below, 5.0.3 and below, 4.2.2 and below, 4.1.2 and below, 4.0.4 and below may allow a remote and unauthenticated attacker to perform an XSS attack via sending a crafted request with an invalid lang parameter or with an invalid org.springframework.web.servlet.i18n.CookieLocaleResolver.LOCALE value.

Source: CVE-2021-32602

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다