Test ID:	1.3.6.1.4.1.25623.1.0.805297
Category:	FortiOS Local Security Checks
Title:	Fortinet FortiMail WebGUI XSS Vulnerability (FG-IR-15-005)
Summary:	Fortinet FortiMail is prone to a cross-site scripting (XSS); vulnerability.;; This VT has been deprecated and replaced by the VT 'FortiMail Stored XSS Vulnerability (FG-IR-15-005)'; (OID: 1.3.6.1.4.1.25623.1.0.805646).
Description:	Summary: Fortinet FortiMail is prone to a cross-site scripting (XSS) vulnerability. This VT has been deprecated and replaced by the VT 'FortiMail Stored XSS Vulnerability (FG-IR-15-005)' (OID: 1.3.6.1.4.1.25623.1.0.805646). Vulnerability Insight: The flaw exists because the 'Web Action Quarantine Release' feature does not validate input before returning it to users. Vulnerability Impact: Successful exploitation will allow remote attackers to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. Affected Software/OS: FortiMail versions 4.3.x before 4.3.9, 5.0.x before 5.0.8, 5.1.x before 5.1.5 and 5.2.x before 5.2.3. Solution: Update to FortiMail version 4.3.9 or 5.0.8 or 5.1.5 or 5.2.3 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-8617 http://seclists.org/fulldisclosure/2015/Mar/5 http://www.securitytracker.com/id/1031859
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.