First published: Tue Jul 09 2024
An Improper Neutralization of Input During Web Page Generation vulnerability [CWE-79] in the web SSL VPN UI of FortiOS and FortiProxy may allow a remote, unauthenticated attacker to perform a Cross-Site Scripting attack by socially engineering the targeted user into bookmarking a malicious Samba server and then opening that bookmark.
Credit: psirt@fortinet.com
Affected Software | Affected Version | How to fix |
---|---|---|
FortiOS | >=7.4.0 <=7.4.3 | Please upgrade to FortiOS version 7.4.4 or above |
FortiOS | >=7.2.0 <=7.2.7 | Please upgrade to FortiOS version 7.2.8 or above |
FortiOS | >=7.0.0 <=7.0.13 | Please upgrade to FortiOS version 7.0.14 or above |
FortiOS | >=6.4 | |
Fortinet FortiProxy | >=7.4.0 <=7.4.3 | Please upgrade to FortiProxy version 7.4.4 or above |
Fortinet FortiProxy | >=7.2.0 <=7.2.9 | Please upgrade to FortiProxy version 7.2.10 or above |
Fortinet FortiProxy | >=7.0.0 <=7.0.16 | Please upgrade to FortiProxy version 7.0.17 or above |
CVE-2024-26006 is classified as a moderate severity vulnerability due to its potential for Cross-Site Scripting attacks.
To fix CVE-2024-26006, update FortiOS or FortiProxy to the latest versions, specifically 7.4.4 or later for affected versions.
CVE-2024-26006 affects FortiOS versions 7.0.0 to 7.4.3, as well as 6.4.
CVE-2024-26006 affects FortiProxy versions 7.0.0 to 7.4.3.
CVE-2024-26006 allows a remote unauthenticated attacker to perform a Cross-Site Scripting (XSS) attack.