Fortinet FortiOS
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*
- <= 6.4.1
- <= 6.2.9
A vulnerability exists in Fortinet FortiOS versions 6.4.1 and prior, as well as 6.2.9 and prior, due to improper neutralization of input during web page generation. This vulnerability may enable a remote, unauthenticated attacker to redirect users to malicious websites by sending a crafted 'Host' header, or to execute JavaScript code in the context of the victim's browser. The issue arises when the FortiGate device has web filtering and category override features enabled and configured.
Exploitation of this vulnerability could lead to cross-site scripting (XSS) attacks, allowing for the execution of malicious scripts in the context of the user's browser.