
====================================================================

                             CERT-Renater

                  Information Note No. 2020/VULN133
_____________________________________________________________________

DATE                : 12/03/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running FortiADC versions prior to 5.3.4.

=====================================================================
https://fortiguard.com/psirt/FG-IR-19-220
_____________________________________________________________________

Stored XSS vulnerability in traffic group interface

IR Number : FG-IR-19-220
Date      : Mar 09, 2020
Risk      : 2/5
Impact    : Execute unauthorized code or commands
CVE ID    : CVE-2019-6699


Summary

An improper neutralization of input vulnerability in FortiADC may
allow an attacker to perform a stored Cross-Site Scripting (XSS)
attack via a field in the traffic group interface.


Impact

Execute unauthorized code or commands


Affected Products

FortiADC version 5.3.3 and below


Solutions

Please upgrade to FortiADC version 5.3.4 or above


Acknowledgement

Fortinet is pleased to thank Danilo Costa from PBI Dynamic IT Security
for reporting this vulnerability under responsible disclosure.


=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================




