Fortiweb 5.0.3 and earlier versions contain a cross-site scripting vulnerability. The filter parameter in the URL '/user/ldap_user/add' is vulnerable to cross-site scripting attack.
A remote unauthenticated attacker may be able to execute arbitrary script in the context of the end-user's browser session.
Upgrade to FortiWeb 5.1.0 or higher.
FortiWeb 5.0.3 and lower.
Check the version
Updated on 2015-03-25