====================================================================
                           CERT-Renater

                 Information Note No. 2020/VULN366
_____________________________________________________________________

DATE                 : 25/06/2020

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running FortiWLC versions prior to 8.5.2.

=====================================================================
https://fortiguard.com/psirt/FG-IR-20-016
_____________________________________________________________________

XSS vulnerability in the ESS Profile and Radius Profile of FortiWLC

Summary

An improper neutralization of input vulnerability in FortiWLC may allow
a remote authenticated attacker to perform a stored cross-site scripting
(XSS) attack via the ESS profile or the Radius Profile.

Impact

Unauthorized code execution

Affected Products

FortiWLC version 8.5.1 and below.

Solutions

Please upgrade to FortiWLC version 8.5.2 or above.

Acknowledgement

Fortinet is pleased to thank Ali Ardic from Trend Micro for reporting
this vulnerability under responsible disclosure.

=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================