A cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator in versions 4.0.0 to before 5.3.0 βCSRF validation failureβ page allows attacker to execute unauthorized script code via inject malicious scripts in HTTP referer header.
[
{
"product": "FortiAuthenticator",
"vendor": "Fortinet, Inc.",
"versions": [
{
"status": "affected",
"version": "below 5.3.0 versions"
}
]
}
]