An improper neutralization of input vulnerability [CWE-79] in FortiClientEMS versions 6.4.1 and below and 6.2.9 and below may allow a remote authenticated attacker to inject malicious script/tags via the name parameter of various sections of the server.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15940
Reference (s):
- https://fortiguard.com/advisory/FG-IR-20-067
- URL: https://fortiguard.com/advisory/FG-IR-20-067