CVE-2019-16151 Information

Description

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS 6.4.1 and below, 6.2.9 and below may allow a remote unauthenticated attacker to either redirect users to malicious websites via a crafted "Host" header or to execute JavaScript code in the victim’s browser context. This happens when the FortiGate has web filtering and category override enabled/configured.

Reference

https://fortiguard.com/advisory/FG-IR-19-301
