
====================================================================

                             CERT-Renater

                 Information Note No. 2020/VULN130
_____________________________________________________________________

DATE                : 12/03/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running FortiIsolator versions prior to
                     2.0.0.

=====================================================================
https://fortiguard.com/psirt/FG-IR-19-270
_____________________________________________________________________

XSS vulnerability in the URL Description of URL filter

IR Number : FG-IR-19-270
Date      : Mar 09, 2020
Risk      : 3/5
Impact    : Unauthorized code execution
CVE ID    : CVE-2020-6643


Summary

An improper neutralization of input vulnerability in the URL Description
of FortiIsolator may allow a remote authenticated attacker to perform a
stored cross-site scripting attack (XSS) via a parameter of the request.


Impact

Unauthorized code execution


Affected Products

FortiIsolator version 1.2.2 and below.


Solutions

Please upgrade to FortiIsolator version 2.0.0 or above.


Acknowledgement

Fortinet is pleased to thank Danilo Costa from PBI for reporting this
vulnerability under responsible disclosure.



=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================




